An Ex-Employee Is Behind the Cash App Breach Impacting Over 8 Million Users. Here's Everything We Know So Far. According to the company's SEC filing, the former employee downloaded reports containing U.S. customer data on December 10.

By Amanda Breen

Block Inc. confirmed Monday that a security breach initiated by a former employee several months ago has potentially impacted 8.2 million users of Cash App, the mobile-payment service that facilitates the transfer of funds, and, more recently, the purchase of stocks and Bitcoin. According to the company's SEC filing, the ex-employee downloaded reports containing U.S. customer data on December 10.

The filing also reveals that only customers who used the app's stock-related features were affected by the breach. The reports in question included customers' full names and brokerage account numbers, and in some cases, also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity. They didn't include usernames or passwords, Social Security numbers, dates of birth, payment-card information, addresses, bank-account information or any other personally identifiable information.

Related: The How-To: Protect Your Business From a Data Breach

At one point, the ex-employee "had regular access to these reports as part of their past job responsibilities," the filing states, but their employment had already come to an end when the download occurred. Block declined to answer TechCrunch's questions as to why a former employee was still able to access the reports, and for what length of time they continued to have access following their employment's end.

"At Cash App we value customer trust and are committed to the security of customers' information," Cash App spokesperson Danika Owsley told TechCrunch in a statement. "Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information."

Block's investigation of the incident is ongoing.

Related: 8 Ways a Data Breach Could Take Out Your Company Tomorrow

Block, formerly known as Square, is also behind numerous other enterprises, including music-streaming service Tidal and Bitcoin company Spiral.

Block, Inc. was down more than 7% as of 10:12 a.m. ET.

Wavy Line
Amanda Breen

Entrepreneur Staff

Features Writer

Amanda Breen is a features writer at Entrepreneur.com. She is a graduate of Barnard College and received an MFA in writing at Columbia University, where she was a news fellow for the School of the Arts.

Editor's Pick

A Leader's Most Powerful Tool Is Executive Capital. Here's What It Is — and How to Earn It.
Lock
One Man's Casual Side Hustle Became an International Phenomenon — And It's on Track to See $15 Million in Revenue This Year
Lock
3 Reasons to Keep Posting on LinkedIn, Even If Nobody Is Engaging With You
Why a Strong Chief Financial Officer Is Crucial for Your Franchise — and What to Look for When Hiring One

Related Topics

Business News

More Americans Are Retiring Abroad, Without a Massive Nest Egg — Here's How They Made the Leap

About 450,000 people received their social security benefits outside the U.S. at the end of 2021, up from 307,000 in 2008, according to the Social Security Administration.

Business News

Woman Ties the Knot at White Castle Almost 30 Years After the Chain Gave Her Free Food as a Homeless Teen

Jamie West was just 12 years old when she ran away from the foster care system.

Business News

Lululemon Employees Say They Were Fired for Trying to Stop Shoplifters

Two Georgia women say Lululemon fired them without severance for trying to get thieves out of the store.

Business News

New York Lawyer Uses ChatGPT to Create Legal Brief, Cites 6 'Bogus' Cases: 'The Court Is Presented With an Unprecedented Circumstance'

The lawyer, who has 30 years of experience, said it was the first time he used the tool for "research" and was "unaware of the possibility that its content could be false."

Business News

The Virgin Islands Want to Serve Elon Musk a Subpoena, But They Can't Find Him

Government officials would like to talk to Tesla's owner as part of an investigation into the Jeffrey Epstein case.