Skip to Content

More than 8 million Cash App Investing customers potentially impacted by data breach linked to former employee

<i>Adobe Stock</i><br/>More than 8 million Cash App Investing customers may have had personal data compromised after a former employee downloaded internal reports without permission
Thomas Dutour - stock.adobe.com
Adobe Stock
More than 8 million Cash App Investing customers may have had personal data compromised after a former employee downloaded internal reports without permission

By Catherine Thorbecke, CNN Business

More than 8 million Cash App Investing customers may have had personal data compromised after a former employee downloaded internal reports without permission, parent company Block Inc revealed in a regulatory filing earlier this week.

The breach solely impacted Cash App Investing users, according to the filing Monday, not the company’s more popular peer-to-peer payment product, Cash App. Block, formerly known as Square, said it is reaching out to roughly 8.2 million current and former customers about the incident.

“At Cash App we value customer trust and are committed to the security of customers’ information,” Danika Owsley, a spokesperson for Cash App, told CNN Business in a statement. “Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm.”

Information in the reports accessed by the former employee included customers’ full names and brokerage account number, which is the personal identification number associated with a customers’ stock activity on the platform. For some customers, the data accessed also included the value and holdings of the brokerage portfolio, as well as some trading activity, according to the SEC filing.

The former employee downloaded the data in December, after their employment with the company had ended, according to the filing. “We know how these reports were accessed, and we have notified law enforcement,” Owsley said in the statement. The company declined to provide further details on how the incident occurred.

In her statement, Owsley said the company continues to “review and strengthen administrative and technical safeguards to protect information.”

The filing added that the reports accessed by the former employee did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information or “any other personally identifiable information.”

The-CNN-Wire
™ & © 2022 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

Article Topic Follows: CNN - Social Media/Technology

Jump to comments ↓

CNN Newsource

BE PART OF THE CONVERSATION

KION 46 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.

Skip to content