May 25, 2022

Block confirmed a data breach involving a former employee who downloaded reports from the Cash App containing certain customer information in the US.

In a filing with the Securities and Exchange Commission (SEC) dated April 4, Block, formerly known as Square, said an insider had access to the report on December 10.

“Although this employee had regular access to these reports as part of his previous job duties, in this case, access to these reports was obtained without authorization after leaving,” the file says. Block refused to answer our questions about why the former employee still had access to this data and how long this access remained after he left the company.

The information provided in the report included full usernames and brokerage account numbers, and for some clients, the data provided also included the value of the broker’s portfolio, holdings in the broker’s portfolio, and stock trading activity during the trading day.

The San Francisco-based company declined to say how many Cash App customers were affected by the hack, but said it was contacting 8.2 million current and former customers about the incident.

Block says there was no access to personal information other than names such as usernames or passwords, social security numbers, payment card information or addresses. were not affected.

Discovering the incident four months after it occurred, the company launched an internal investigation and said it would notify the relevant regulatory and law enforcement agencies.

“At Cash App, we value customer trust and are committed to protecting customer information,” Cash App spokeswoman Danica Osley said in a statement to gaming-updates. “After the discovery, we took steps to resolve the issue and launched an investigation with the help of a leading forensic company. We know how these reports were obtained and we have informed the police. In addition, we continue to review and strengthen administrative and technical information security measures.”

gaming-updates sent Block further questions about the extent of the incident, but the company declined to respond.

Leave a Reply

Your email address will not be published.