The information for more than eight million users of Cash App Investing, a stock trading app run by Block, was exposed when a former employee downloaded corporate reports after leaving the company.
The data exposure was revealed in a regulatory filing by Block.
We launched an investigation with the help of a leading forensics firm after discovering the issue.
The exposed data was only for users of Cash App's investing product, not the person-to-person payment service with 44 million users.
The names and account numbers of customers were retrieved by the former employee. Some customers included their portfolio value, holdings and trading activity. Block said in its filing that the information did not include user names, passwords, Social Security numbers or other personally identifiable details.
Strong internal systems are typically used by companies that deal with financial data. Ms. Lee wouldn't comment on how the former employee gained access or the company's response to the incident.
She said in a written statement that they continue to review and strengthen administrative and technical safeguards.
Financial companies that aren't banks face less scrutiny from regulators about their security systems than banks. Square got a banking charter last year that allows it to offer some banking services, but the unit that operates independently from Cash App is called Square Financial Services.
The idea that a former employee was able to sneak in meant something.
Cash App is one of the most popular person-to-person payment systems in the United States. It now includes merchant payment tools and a tax-preparation system that Block bought from Credit Karma. Users of other products were not affected by the data breach.
Cash App Investing customers said in a forum that they had received email notices about the incident. Many were upset by the incident.
The question is whether or not our names and accounts numbers were leaked to the dark web.