Technology

Block Confirms Cash App Breach after Former Employee Accessed US Customer Data

Block Confirms Cash App Breach after Former Employee Accessed US Customer Data

Block has verified a data breach involving a former employee who obtained reports from Cash App including client information from the United States. Block — formerly known as square — claimed the reports were obtained by the insider on December 10 in a filing with the Securities and Exchange Commission (SEC) on April 4.

“While this person had frequent access to these data as part of their previous work obligations,” the complaint continues, “in this instance, these reports were obtained without authority after their employment terminated.” Block failed to respond to our queries about why a former employee got access to this information and how long they had it after their employment with the business ended. Users’ complete identities and brokerage account numbers were included in the reports, and certain customers’ data additionally contained brokerage portfolio valuation, brokerage portfolio holdings, and stock trading activity for one trading day.

The San Francisco-based firm declined to reveal how many Cash App clients were affected by the hack, but said it is in the process of notifying nearly 8.2 million current and past consumers. Other personally identifiable information, such as usernames or passwords, Social Security numbers, payment card information, or addresses, were not accessed, according to Block. Other Cash App products and features, as well as customers outside of the United States, were not impacted, according to the filing.

The firm has begun an internal inquiry into the event, which was discovered four months after it occurred, and has informed the appropriate regulatory agencies and law enforcement. In a response to TechCrunch, Cash App spokesperson Danika Owsley said, “At Cash App, we cherish customer trust and are committed to the protection of clients’ information.” “As soon as we were made aware of the problem, we took steps to address it and enlisted the assistance of a prominent forensics firm to conduct an investigation.” We’ve informed law enforcement about how these reports were obtained. We’re also continuing to assess and tighten administrative and technical controls to protect data.”

TechCrunch asked Block further questions about the incident’s extent, but the business failed to respond. Square, the finance behemoth, is changing its name to Block as of December 10. The company’s numerous businesses — including music streaming service Tidal, Cash App, TBD, and, of course, square — will be unified under the new moniker, which has been in the works for almost a year. This news comes only days after Jack Dorsey, the creator and CEO of Square, stepped down as CEO of Twitter, which he also co-founded.