Block discloses data breach involving Cash App potentially impacting 8.2 million US customers

Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 million current and former US customers.

The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. Cash App is an app that allows users to easily send money, spend money, save money, and buy cryptocurrency.

“On April 4, 2022, Block, Inc. (the “Company”) announced that it recently determined that a former employee downloaded certain reports of its subsidiary Cash App Investing LLC (“Cash App Investing”) on December 10, 2021 that contained some U.S. customer information. While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.” reads the FORM 8-K published by the U.S. Securities and Exchange Commission (SEC).

The security breach took place on December 10, 2021, the downloaded reports includes customers’ full names as well as their brokerage account number (the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.

Block pointed out that the reports don’t contain personally identifiable information such as usernames or passwords, Social Security numbers, dates of birth, payment card information, addresses, and bank account details.

At this time it is unclear how many how many users were impacted, Block is notifying roughly 8.2 million current and former customers.

The company notified notified law enforcement and announced it is continuing to review and strengthen administrative and technical safeguards to protect the information of its customers.

Block added that at this time it is difficult to predict future costs associated with this security breach.

“Although the Company has not yet completed its investigation of the incident, based on its preliminary assessment and on the information currently known, the Company does not currently believe the incident will have a material impact on its business, operations, or financial results.” concludes the annoucement.

Please vote Security Affairs as best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cash App)

[adrotate banner=”5″]

[adrotate banner=”13″]