Cash App has had a security breach, with a former employee accessing customer information for potentially millions of users.
The financial app’s owner Block notified the Security and Exchange Commission (SEC) of the breach on Monday, as reported by TechCrunch. According to the filing, a former employee downloaded some Cash App investing reports that contained information belonging to U.S. customers. This included full names, brokerage account numbers, brokerage portfolio values and holdings, and one day of stock trading activity.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” said a Cash App spokesperson in a statement to Mashable. This statement was largely identical to Block’s SEC filing.
While Cash App declined to state how many people were impacted, its SEC filing noted that 8.2 million current and former customers are being contacted about the breach. Fortunately, information such as usernames, passwords, dates of birth, Social Security numbers, addresses, and bank account information were not compromised, nor were account access codes.
“Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm,” said Cash App’s spokesperson. “We know how these reports were accessed, and we have notified law enforcement. We are also contacting customers whose data was impacted. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”
Cash App stated in the SEC filing that, while the investigation of the breach is ongoing, it currently believes the incident won’t have a material impact on its business or financial results. Still, incidents such as these are never reassuring for customers.