In short: Block, the company formerly called Square that is responsible for the Cash App payment service, has confirmed that a data breach was committed by a former employee who accessed US customer records.
Block disclosed the Cash App breach in a regulatory filing with the Securities and Exchange Commission (SEC) on April 4, writing Tech Crunch. He said a former employee viewed customer reports on December 10.
“While this employee had regular access to these reports as part of his prior job responsibilities, in this case, these reports were accessed without authorization following his employment ended,” the filing said.
Reports viewed included full client names and brokerage account numbers. There was also brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for a trading day in the data, but only in some cases.
Another Cash App Taxes tip. Enjoy and file your taxes completely free using Cash App Taxes. https://t.co/4K74Z7urYj pic.twitter.com/J5OwZ5Kxu6
– Cash App (@CashApp) 2 avril 2022
Block pointed out that no personally identifiable information, other than names, was exposed — usernames, passwords, social security numbers, payment card information, bank account details. and addresses have not been consulted. Additionally, only customers in the United States were affected.
Block never specified exactly how many people were affected by the breach, but he did confirm that he was contacting regarding 8.2 million current and former customers regarding the incident.
“Upon discovery, we took steps to remedy this issue and launched an investigation with the help of a leading forensic science firm. We know how these reports were accessed and we informed law enforcement. Additionally, we continue to review and strengthen administrative procedures and technical safeguards to protect information,” Block said in a statement.
Shares in the block fell 7% from $145 to $135 yesterday following news broke.
The 8.2 million people involved in this case represent more than last November’s Robin Hood security incident which led to the exposure of the personal information of no less than 7 million users. But that pales in comparison to some of the biggest breaches we’ve seen over the years, such as the T-Mobile hack that affected 48 million customers or the MGM breach that saw 142 million details on hotel guests appear on the dark web.
Banner image: Tech Daily