Block, formerly Square, has revealed a security breach impacting up to 8.2 million current and former users of Cash App, its mobile payment and investment service.
The San Francisco-based company said in a recent filing with the U.S. Securities and Exchange Commission that the breach was an inside job allegedly carried out by a former employee.
It’s believed that the suspect downloaded stock-related reports from Cash App last December, with the stolen data containing details linked to a number of U.S. customers.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” Block said in the filing.
The company said the customer information in the reports included full name and brokerage account number and in some cases the brokerage portfolio value, brokerage portfolio holdings, and/or stock trading activity for one trading day.
The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information, Block said.
Security codes, access codes, and passwords used to access Cash App accounts were also not involved in the breach.
In a widely reported statement, Block said that upon discovering the breach, it “took steps to remediate this issue and launched an investigation with the help of a leading forensics firm.”
It continued: “We know how these reports were accessed, and we have notified law enforcement. We are also contacting customers whose data was impacted. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”
Block describes Cash App as “the easiest way to send, spend, save, and invest your money. It’s the safe, fast, and free mobile banking app.”
Block started life as Square in 2009 to make financial transactions easier. Cash App, with stock trading features, followed four years later. The company was set up by Jim McKelvey and Twitter co-founder and former CEO Jack Dorsey, who continues to lead Block.
Looking for an alternative to Cash App? Digital Trends has you covered.
- Twitter accused of selling your phone number to advertisers
- Google backs down, keeping cheaper way to date online intact
- Google will help open-source tech fight cyberattacks
- New App Store rule lets companies charge more for subscriptions without approval
- Ransomware gangs are evolving in new and dangerous ways