Skip to main content

Cash App breach impacts millions of U.S. customers

Block, formerly Square, has revealed a security breach impacting up to 8.2 million current and former users of Cash App, its mobile payment and investment service.

The San Francisco-based company said in a recent filing with the U.S. Securities and Exchange Commission that the breach was an inside job allegedly carried out by a former employee.

Recommended Videos

It’s believed that the suspect downloaded stock-related reports from Cash App last December, with the stolen data containing details linked to a number of U.S. customers.

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” Block said in the filing.

The company said the customer information in the reports included full name and brokerage account number and in some cases the brokerage portfolio value, brokerage portfolio holdings, and/or stock trading activity for one trading day.

The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information, Block said.

Security codes, access codes, and passwords used to access Cash App accounts were also not involved in the breach.

Block’s response

In a widely reported statement, Block said that upon discovering the breach, it “took steps to remediate this issue and launched an investigation with the help of a leading forensics firm.”

It continued: “We know how these reports were accessed, and we have notified law enforcement. We are also contacting customers whose data was impacted. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”

Block describes Cash App as “the easiest way to send, spend, save, and invest your money. It’s the safe, fast, and free mobile banking app.”

Block started life as Square in 2009 to make financial transactions easier. Cash App, with stock trading features, followed four years later. The company was set up by Jim McKelvey and Twitter co-founder and former CEO Jack Dorsey, who continues to lead Block.

Looking for an alternative to Cash App? Digital Trends has you covered.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
World Cup: FIFA app made U.S. soccer fans’ tickets disappear
FIFA's ticketing app for the 2022 World Cup.

Fans with virtual tickets for some of Qatar’s first World Cup soccer games on Monday were left wondering if they’d be able to enter the stadium after the official FIFA ticketing app crashed shortly before kick-off.

U.S. fans with tickets for the Wales game, and England fans planning to see the clash with Iran, were among “thousands” of ticket-holders unable to access the FIFA app that held their virtual tickets, ESPN reported on Monday.

Read more
TikTok continues to rebut reports of a security breach
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.

Popular short-form video app TikTok recently found itself having to refute claims that it had been hacked, and is continuing to rebut the charge.

According to BleepingComputer, as early as late last week, a hacking group known as AgainstTheWest, posted to a forum saying that it had hacked TikTok and a messaging app known as WeChat. The forum post also included screenshots, which were of "an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users."

Read more
U.S. federal court system cyberattack is worse than previously thought
A large monitor displaying a security hacking breach warning.

A cyberattack incident that involved the U.S. federal court system infrastructure has been proven to be an “incredibly significant and sophisticated” attack.

This statement is a stark difference from the one initially provided when the situation occurred in 2020.

Read more