Block says former Cash App employee accessed data from US customer accounts
Jonathan Greig April 6, 2022

Block says former Cash App employee accessed data from US customer accounts

Block says former Cash App employee accessed data from US customer accounts

In an SEC filing on Monday, digital financial services company Block said a former employee for its subsidiary Cash App Investing accessed and downloaded the personal information of customers based in the US.

The company said it determined the employee accessed the information on December 10, 2021 and explained that they are contacting about 8.2 million current and former customers to provide them with information about this incident.

In a statement to The Record, Block spokesperson Danika Owsley said law enforcement has been notified. The company would not answer further questions about how the breach was discovered.  

In the filing, Block said the employee “had regular access to these reports as part of their past job responsibilities,” but explained that the reports “were accessed without permission after their employment ended.”

“The information in the reports included full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day,” the company said. 

“The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information. They also did not include any security code, access code, or password used to access Cash App accounts.” 

The company claims it launched an investigation after it discovered what happened and hired a forensics firm to help. 

According to their statement, they plan to “review and strengthen administrative and technical safeguards to protect the information of its customers.” 

The company could not put a monetary value on the incident, writing that any future costs related to it are “difficult to predict.”

“Although the Company has not yet completed its investigation of the incident, based on its preliminary assessment and on the information currently known, the Company does not currently believe the incident will have a material impact on its business, operations, or financial results,” the company said.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.