IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cash App Data Breach Could Impact More Than 8M People

Cash App, a popular mobile payment service, said a data breach could potentially affect 8.2 million of the app’s current and former users. A former employee inappropriately downloaded reports with customer data.

Finger hovering over Cash App mobile app
Shutterstock/natmac stock
(TNS) — The mobile payment service Cash App experienced a data breach that could affect some of its 8.2 million current and former users, parent company Block Inc. confirmed this week.

In a filing with the U.S. Securities and Exchange Commission, Block said that on Dec. 10, a former employee downloaded reports with customer information.Accessing those reports was part of the former employee’s job, but the reports were accessed without permission after the employee was no longer with the company, the filing said.

If you’re a Cash App user, here’s what you need to know.

WHAT DATA WAS COMPROMISED?


In the April 4 filing, the company said that the stolen reports contained customers’ full names and their brokerage account numbers, or the unique number associated with a customer’s stock activity on Cash App Investing.

The reports may have also included some customers’ brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one day, the filing said.

WHAT DATA IS STILL SAFE?


The stolen reports did not include any customers’ usernames, passwords, Social Security numbers, birthdates, addresses, payment card information, bank account information or “any other personally identifiable information,” the company said in the filing.

They also did not include security codes or access codes that could be used to access Cash App accounts, the filing said.

WHO’S AFFECTED?


In the filing, Block said that Cash App Investing will reach out to about 8.2 million current and former app users. Customers outside the U.S. weren’t impacted, and other products owned by Block — including Bitcoin company Spiral, music streaming service Tidal and payment platform Square — weren’t affected, the company said.

WHAT HAPPENS NEXT?


The company said it’s launched an investigation into the breach, and that law enforcement and regulatory authorities have been notified, the filing said.

In an emailed statement to McClatchy News, a Cash App spokesperson said the company will notify impacted users of the breach and will “continue to review and strengthen administrative and technical safeguards to protect information.”

It’s not clear if there are any measures customers can take to make their information more secure following the breach.

“For any questions customers have about this incident they may reach out to Customer Support,” the spokesperson said.

©2022 The Charlotte Observer. Distributed by Tribune Content Agency, LLC.
Sign up for GovTech Today

Delivered daily to your inbox to stay on top of the latest state & local government technology trends.