Cash App notifies 8.2 million current and former US customers of a data breach after a former employee accessed their account information.
Block, Inc., the owner of Cash App, disclosed in a Form 8-K SEC filing that the breach occurred on December 10, 2021, after a former employee downloaded internal Cash App reports while no longer with the company. .
Block says the reports include the full names of Cash App’s clients and the broker’s account numbers associated with investing activities on Cash App. For some clients, additional information was disclosed in the reports, including portfolio values, positions and possibly trading activity for a single trading day.
As first reported by TechCrunch, the data breach did not include more sensitive information, such as login credentials, social security numbers, and payment information.
“The reports do not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information or other personally identifiable information,” reads Block’s Form 8-K filing.
“They also do not contain a security code, passcode, or password used to access Cash App accounts. Other Cash App products and features (other than inventory activity) and customers outside of the United States were not affected.”
In response to our requests for more details, a Cash App spokesperson shared the following statement with BleepingComputer.
“At Cash App, we value customer trust and are committed to the security of customer information. Upon discovery, we took steps to resolve this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. We are also contacting customers whose data has been compromised, and we continue to maintain, review and strengthen administrative and technical safeguards to protect information.”
Block says they are alerting the 8.2 million customers affected by the breach to provide more information about the incident.
The company also states that it has notified regulatory authorities and law enforcement officials of the breach
This post Cash App informs 8.2 million US customers about data breach
was original published at “https://www.bleepingcomputer.com/news/security/cash-app-notifies-82-million-us-customers-about-data-breach/”