Block, formerly known as Square, has confirmed that a former employee downloaded reports from Cash App back in December of 2021.
A filing with the Securities and Exchange Commission (SEC) states that while the employee had access to reports as part of their prior job responsibilities, the employee gained unauthorized access after their employment had ended. The reports included brokerage account numbers and user’s full names, with some accounts including brokerage portfolio values, holdings, and stock trading activity for one day. Block didn’t specify how many customers were affected by the breach, however they did note they were contacting around 8.2 million current and former customers regarding the incident.
According to the company, no usernames, passwords, CC information, addresses or social security numbers were included in reports. Products and features that operate outside of the United States were not impacted by the breach.
The incident was first discovered on the 4th of April. Block has stated that the proper authorities and law enforcement have been notified, in addition to launching an internal investigation.
A Cash App spokesperson noted that they value customer trust and are committed to reviewing and strengthening administrative and technical safeguards in order to protect customer information.
While it’s a relief that no personally identifiable information besides names were accessed, it goes to show that data security isn’t limited to outside threats. Many data breaches are caused by human error, whether intentional or not, and can lead to massive consequences for businesses. Make sure your employees are being trained in how to properly spot a cybersecurity threat, as well as maintaining adequate safeguards to prevent unauthorized access of any accounts or important assets.
Sign up to our mailing list to receive more IT related educational information: