Cash App breach compromises up to 8.2 million user accounts

Cash App breach compromises up to 8.2 million user accounts

By

Cash App suffers data breach
A former employee downloaded reports after leaving Cash App parent company Block.
Image: Block

Block, the parent company of Cash App, has confirmed that user accounts have been compromised by an internal data breach. It has 8.2 million current and former customers.

The incident, which involved a former employee who downloaded reports after leaving the company, was reported to the Securities and Exchange Commission (SEC) on April 4. Block said it has begun notifying Cash App users.

Cash App users suffer data breach

Block, which was known as Square up until last year, told the SEC that it recently discovered the breach that took place last December. It contained “some” U.S. customer information, the filing said.

The downloaded reports supposedly did not include usernames or passwords, Social Security numbers, dates of birth, or other personally identifiable data. But it did include full names, account numbers, and account history.

Block won’t say how many users are affected

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the filing confirmed.

“Upon discovery, the Company and its outside counsel launched an investigation with the help of a leading forensics firm. Cash App Investing is contacting approximately 8.2 million current and former customers.”

Block will not confirm exactly how many customers it believes may have been affected, according to TechCrunch. It is also keeping quiet about how long the former employee had access to Cash App systems after leaving.

Block takes security ‘very seriously’

Block “takes the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers,” its filing continued.

It also said it does not believe the incident will have “a material impact on its business, operations, or financial results.”

Hopefully, it won’t have too much of an impact on Cash App users, either. If indeed it is just names and account numbers that were obtained, it seems highly unlikely that the reports could be used for anything too nefarious.

Block has not advised Cash App users to change account passwords or take any other steps.