Over 8 million Cash App users possibly affected by data breach from a former employee

Credit: Unsplash/CC0 Public Domain

Over 8 million users of the mobile payment app Cash App could be affected by a data breach after a former employee of the company downloaded reports containing the personal information of U.S. users.

On Monday, Block, the financial service that owns Cash App and was created by Twitter founder Jack Dorsey, announced it learned the former employee downloaded the information in December, according to a report filed with the U.S. Securities and Exchange Commission.

Although the ex-employee had access to the information during employment, the report says the information was downloaded after the employee was no longer with the company.

The data downloaded didn't include usernames, passwords, Social Security numbers or bank account information, but it did include full names and brokerage account numbers, which are used to identify a user's stock activity on Cash App Investing. Some information also breached "included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day."

The filing says the only potentially affected users include those in the U.S. who use Cash App Investing, which is around 8.2 million users. Block said it is contacting all current and former customers of the feature "to provide them with information about this incident and sharing resources with them to answer their questions."

Block added it has also notified law enforcement of the breach.

"The Company takes the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers.

"Although the Company has not yet completed its investigation of the incident, based on its preliminary assessment and on the information currently known, the Company does not currently believe the incident will have a material impact on its business, operations, or ," the filing stated.

Adam Darrah, director of intelligence services at cyber security company ZeroFox, told USA TODAY the incident shouldn't directly affect users but could impact them if that data is eventually stolen.

"This by itself is not valuable. It has to be paired with other stuff," Darrah said. "Bad guys can then be more efficient in their illegal shenanigans, meaning breaking into an account and taking stuff out of an .

"They'll use their magic machines that they have to try to find specific accounts that they can break into. That's most likely endgame here," he added.

Darrah advised all Cash App users update their passwords and enable two factor authentication to protect themselves from any future concerns.

USA TODAY has reached out to Cash App for comment.

(c)2022 USA Today
Distributed by Tribune Content Agency, LLC.

Citation: Over 8 million Cash App users possibly affected by data breach from a former employee (2022, April 7) retrieved 15 July 2024 from https://techxplore.com/news/2022-04-million-cash-app-users-possibly.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Robinhood hit by data breach exposing users' emails, names


Feedback to editors