Cash App says data breach could affect millions of users
More than 8 million users of mobile payments service Cash App could be affected in a data breach involving a former employee who took records containing customer names and account numbers.
While account user names and passwords were not affected, the mobile payments app is now notifying customers of the breach, it disclosed in an April 4 filing with the Securities and Exchange Commission. Cash App is owned by Block, formerly known as Square, a financial payments company headed by Twitter co-founder Jack Dorsey,.
Block said in the filing that it "recently determined that a former employee downloaded certain reports" belonging to Cash App. That information included users' full names and brokerage account numbers, a unique identifier for a person's stock activity on Cash App Investing. For some customers, the compromised data also included "brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day," according to Block.
"While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended," the company said.
According to the filing, no personally identifiable information was taken. User names, passwords, Social Security numbers, dates of birth and access codes were not affected, Block said. The breach only affected U.S. customers.
Block is contacting 8.2 million current and former customers to alert them of the breach. The company is investigating the incident and has notified law enforcement.
Block said it does not expect the breach to have affects its financial performance.
"Although the company has not yet completed its investigation of the incident, based on its preliminary assessment and on the information currently known, the company does not currently believe the incident will have a material impact on its business, operations or financial results," the filing said.