Block Inc., the parent company of Cash App, has confirmed a data breach affecting users of the popular mobile payments service. Initially released in 2013, Cash App is a mobile payment service developed by Block. It is one of the biggest services in its category alongside the likes of Venmo, reporting 70 million annual transacting users and $1.8 billion in gross profit in 2021.
Block was co-founded by Twitter founder and CEO Jack Dorsey and owns a number of popular services apart from the Cash App. These include the music streaming service Tidal, payments platform Square, and crypto platform TBD. The company was earlier known as Square but changed its corporate name to Block last year. Cash App was earlier known as Square Cash.
In a filing with the United States Securities and Exchange Commission (SEC) on April 4, Block revealed that a former employee had downloaded and accessed company documents that contained customer data. According to the company, the leaked data includes the full names of users, as well as their portfolio value, portfolio holdings, and stock trading activity for one trading day. According to Block, no other personally identifiable information was revealed in the data breach, as the downloaded reports did not include passwords, Social Security numbers, dates of birth, payment card information, addresses, bank account information, etc. The company also claimed that other Cash App features were not affected by the leak, and non-U.S. customers were not impacted by the incident.
Block Is Investigating The Data Breach
The data breach took place on December 10, 2021, although it's not immediately clear if the leaked data includes information related to that particular day. Block did not confirm how many customers were directly impacted by the data breach but said that it was sending out notifications to around 8.2 million users to inform them about the incident. The company also said that it has launched an internal investigation and notified the applicable regulatory authorities and law enforcement. While the full investigation is yet to be completed, the company believes this will not negatively impact its business or operations in the future.
Data breaches have become increasingly common, impacting companies big and small. In the last few years alone, several companies reported massive data breaches, including Samsung, Nvidia, Robinhood, Amazon, Facebook, Capcom, T-Mobile, and Spotify, to name a few. However, while most of the aforementioned data breaches were the work of cyber-criminals who accessed the company's servers from the outside, the Cash App data breach is different, as it was a former employee who accessed user data without permission.
Source: SEC