Block Says Cash App Breach Affected 8 Million Users


Sensitive information for more than eight million users of Cash App Investing, a stock trading app run by Block, owner of the Square payment system, was exposed when a former employee downloaded company reports after he left the company.

Block uncovered a data exposure. editor filing He said Monday and contacted affected customers.

“Once it was discovered, we took steps to resolve this issue and launched an investigation with the help of a leading forensics firm,” said Block spokesperson Fiona Lee. “We know how these reports were accessed and we have notified law enforcement.”

The company said the data disclosed only includes users of Cash App’s investment product, not the person-to-person payment service with nearly 44 million users.

The information was received by the former employee in December and included customers’ names and Cash App brokerage account numbers. For some clients, it also included portfolio values, assets, and certain trading activities. In its filing, Block said the information did not include usernames, passwords, Social Security numbers, and other personally identifiable details.

Companies that deal with financial data often have strong internal systems to protect this information. Ms. Lee specifically declined to comment on how the former employee gained access and whether the company has made adjustments since the breach was discovered.

“We continue to review and strengthen administrative and technical measures to protect information,” it said in a written statement.

Non-bank financial companies often face far less scrutiny from regulators on their security systems than tightly regulated banks. Square received a banking charter last year For Square Financial Services, which allows it to offer some banking services, however, this unit operates independently of the Cash App.

The idea that a former employee had somehow sneaked in meant something had gone badly wrong. “Taking customer data and security seriously requires securing outside access to employee accounts and disabling that access after dismissal, preferably before the employee leaves,” said James McQuiggan, a security specialist at KnowBe4, a cybersecurity training company.

Cash App is one of the most popular person-to-person payment systems in the United States, after Zelle and PayPal’s Venmo. It has grown to include debit cards, commercial payment instruments, and the tax preparation system that Block bought from Credit Karma. Block said the data breach did not affect users of any product other than the investment app.

Cash App Investing customers said: a Reddit forum He said they received email notifications of the incident on Monday. Many were offended by the violation.

“Now the real question is whether our names and account numbers were leaked to the dark web?” Written by a user.



Source link

Leave a Reply

Your email address will not be published.