If you’re one of the 8.2 million people who use or have used Cash App in the past, you’ll likely be receiving correspondence from Block, Inc. (formerly known as Square) or Cash App Investing in regard to a Cash App data breach. On April 4, 2022, Block acknowledged in its filing with the SEC that customer data had been accessed by an unauthorized party.
Keep reading for details on the Cash App data breach and find out who it affects.
Block, the owner of Cash App, confirmed sensitive data was breached in 2021.
The Cash App data breach that's just now coming to light stems back to an incident that occurred in December 2021. According to its SEC filing, Block says it learned that a former employee had “downloaded certain reports of its subsidiary Cash App Investing LLC on December 10, 2021.”
The alleged individual who committed the breach was a former employee of Block and once had regular access to customer data. At the time customer information was accessed, that individual wasn't employed by the company anymore.
What information was accessed in the Cash App data breach?
The sensitive information that was compromised in the Cash App data breach includes full names and brokerage account numbers. A brokerage account number serves as an identification number for a customer’s stock activity done on Cash App Investing.
Other information that was downloaded without authorization included customers’ brokerage portfolio values, brokerage portfolio holdings, and stock trading activity for one day trading, as stated in Block’s SEC filing.
To be clear, the following information wasn't accessed during the Cash App data breach:
- Usernames and passwords
- Social Security numbers (SSN)
- Payment card information
- Bank account information
- Other personally identifiable information
Also, the data breach didn't put the security codes, access codes, or passwords customers use to enter their Cash App accounts at risk. Block says other Cash App products outside of those that focus on stock activity weren't affected by the data breach nor are customers who live outside of the U.S.
Block says it's working to strengthen "administrative and technical safeguards” to protect customer information.
After Block learned that a former employee had illegally downloaded customer data from its Cash App Investing sector, it launched an investigation and began working with “a leading forensics firm.” The company added that it has already notified law enforcement and will be notifying the applicable regulatory authorities.
In its SEC filing, Block said “it takes the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers.” In the meantime, if you use or used Cash App Investing, the company will be reaching out to you in the near future to provide you with important information and helpful resources.
Cash App, a subsidiary of Block, doesn’t foresee the data breach having “a material impact on its business.”
While Block has acknowledged that “future costs associated with this incident are difficult to predict,” it doesn’t believe the breach will impact its “business, operations, or financial results."