Block admits former employee was behind Cash App US customer data breach
Block, formerly known as Square, has confirmed a data breach that involved a former employee downloading reports from its bitcoin-enabled Cash App that contained information about its US customers.
In a filing with the Securities and Exchange (SEC), first spotted by The Wall Street Journal, Block said that certain Cash App Investment reports were accessed by a former employee on 10 December 2021.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” Block stated.
The information in the reports included full names and brokerage account numbers, which is the unique identification number associated with a customer’s stock activity on Cash App Investment. For some customers, the reports also included brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day, the company said.
Block assured the reports, however, did not include usernames or passwords, social security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information.
“They also did not include any security code, access code, or password used to access Cash App accounts. Other Cash App products and features (other than stock activity) and customers outside of the United States were not impacted,” Block added.
While Block did not confirm how many were directly affected by the data breach, it said that it was contacting approximately 8.2 million current and former customers to inform them about the incident, as well as applicable regulatory authorities and law enforcement.
“The company takes the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers,” the company said.
The company added that while the investigation of the incident has not been completed, it does not believe the breach will have any material impact on its business, operations, or financial results.
During the company’s Q4 results, Block reported Cash App generated $2.6 billion of revenue and $518 million of gross profit, which increased 18% and 37% year-over-year, respectively.
For the full year of 2021, Cash App generated $10.01 billion of bitcoin revenue and $218 million of bitcoin gross profit, up 119% and 124% year-over-year, respectively. In December, there were more than 44 million transactions on Cash App, an increase of 22% year-over-year.