More than 8 million users of the Cash App mobile payment service could be affected by a data breach involving a former employee who took records containing customer names and account numbers.
Although account usernames and passwords were not affected, the mobile payment app is now notifying customers of the breach, it disclosed in an April 4 statement. deposit with the Securities and Exchange Commission. Cash App is owned by Block, formerly known as Square, a financial payments company run by Twitter co-founder Jack Dorsey.
Block said in the filing that he “recently determined that a former employee downloaded certain reports” belonging to Cash App. This information included users’ full names and brokerage account numbers, a unique identifier for a person’s trading activity on Cash App Investing. For some clients, the compromised data also included “brokerage portfolio value, brokerage portfolio holdings, and/or stock trading activity during a trading day,” according to Block.
“While this employee had regular access to these reports as part of his prior job responsibilities, in this case these reports were accessed without permission after his employment ended,” the company said.
According to the record, no personally identifiable information was taken. Usernames, passwords, social security numbers, dates of birth and passcodes were not affected, Block said. The breach only affected US customers.
Block is contacting 8.2 million current and former customers to alert them to the breach. The company is investigating the incident and has notified law enforcement.
Block said it does not expect the breach to affect its financial performance.
“Although the Company has not yet completed its investigation of the incident, based on its preliminary assessment and information currently known, the Company does not currently believe that the incident will have a material impact on its business, its operations or its financial results,” the filing said.