Cash App, the popular peer-to-peer payment platform that also offers crypto and other stock investing features, is disclosing a security breach affecting 8.2 million of its users. Block, formerly Square, disclosed this breach in a filing with the SEC this week.
The company revealed that a former employee retained access to US customer information despite departing the company months earlier. Cash App is one of the most popular apps for iOS and a competitor to Apple’s own Apple cash service.
As reported by TechCrunch, Cash App is notifying around 8.2 million of its users about this breach. Information potentially accessed by the former employee includes full names and brokerage account numbers. In some instances, the employee also accessed “brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day.”
In the email to affected Cash App users, Block explains that this employee had “regular access to these reports” as part of their job but retained access after employment. The company declined to provide more details when pressed by TechCrunch:
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the filing reads. Block refused to answer our questions about why a former employee still had access to this data, and for how long they retained access after their employment at the company had ended.
In a statement, Cash App spokesperson Danika Owsley explained that it quickly took steps to solve the issue once it was discovered:
“At Cash App we value customer trust and are committed to the security of customers’ information. Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”
At this point, we’re still waiting on more details on exactly how many customers were impacted, with Block only saying that it is notifying 8.2 million of its users. This means that if you were potentially impacted, you can expect to receive, or might have already received, an email from Cash App.
FTC: We use income earning auto affiliate links. More.
Comments