Cash App, the mobile payment app developed by California-based financial services company Block, has suffered a data breach. In an SEC (Securities and Exchange Commission) filing Monday, the company disclosed that a former employee stole a huge amount of customer data. This breach affects 8.2 million current and former Cash App customers in the US.
Block confirms Cash App data breach
According to the SEC filing, the Cash App data breach took place on December 10, 2021. The stolen information includes the full name of customers and their brokerage account numbers. The latter is a unique identification number associated with a customer’s stock activity in Cash App. Some customers also had their “brokerage portfolio value, brokerage portfolio holdings, and/or stock trading activity for one trading day” stolen by the former Cash App employee.
Block confirmed that no personally identifiable information such as usernames, passwords, Social Security numbers, date of birth, payment card information, addresses, and bank account information was compromised. This data breach also did not include any security code, access code, or password that customers used to access their Cash App accounts.
Interestingly, the ex-employee had access to all of the information they stole as part of their job responsibilities when working at Cash App. However, the person accessed the servers and downloaded customer data without permission after they had left the company. This is carelessness on the company’s part. It shouldn’t have allowed a former employee to access its servers.
It’s unclear how long the person had access to the data before Cash App got to know of the breach. The company doesn’t tell if there has been any misuse of the stolen data.
Cash App is contacting the affected customers
Cash App (formerly Square Cash) started as a peer-to-peer payment app in 2013. Over the years, it has added more functionalities, including stocks and Bitcoin trading. The service is available in the UK and the US. In September 2021, the company reported 70 million annual transacting users. Time will tell if this data breach affects its growth.
As said earlier, this breach only compromised the data of US customers. Cash App has begun contacting the 8.2 million affected customers. The company is notifying them about the incident and helping them with further steps. It has also launched an investigation into the matter and has notified law enforcement and applicable regulatory authorities of the same. Cash App is taking the help of “a leading forensics firm” in this investigation.