A former employee of Cash App was able to access customer information for millions of users.
The SEC was notified of the breach by Block on Monday. The filing states that a former employee downloaded reports that contained customer information. This included full names, account numbers, and one day of stock trading activity.
While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended. This statement was very similar to Block's SEC filing.
Cash App did not say how many people were impacted, but it did say that 8.2 million current and former customers are being contacted. Information such as usernames, passwords, dates of birth, Social Security numbers, addresses, and bank account information were not compromised.
Cash App launched an investigation with the help of a leading forensics firm after discovering the issue. Customers whose data was impacted are being contacted. We review and strengthen administrative and technical safeguards to protect information.
Cash App stated in the SEC filing that it currently believes the incident will not have a material impact on its business or financial results. Customers are never reassured by incidents such as these.