Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the firm revealed in a April 4 filing with the U.S. Securities and Exchange Commission (SEC).
Block advertises Cash App as “the easiest way to send money, spend money, save money, and buy cryptocurrency.”
The breach is said to have occurred last year on December 10, 2021, with the downloaded reports including customers’ full names as well as their brokerage account numbers, and in some cases, brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day.
The San Francisco-based company emphasized in the filing that the reports did not feature personally identifiable information such as usernames or passwords, Social Security numbers, dates of birth, payment card information, addresses, and bank account details.
It’s exactly unknown how many users were impacted by the breach, but Block — which said it discovered the incident only recently — said it’s contacting roughly about 8.2 million current and former customers as part of its response efforts.
That said, there’s not much clarity as to when the breach was discovered and how a former employee with the company still managed to access several records containing customer information.
While a formal investigation is underway, the financial platform also said it has notified law enforcement and that it “continues to review and strengthen administrative and technical safeguards to protect the information of its customers.”
“The company does not currently believe the incident will have a material impact on its business, operations, or financial results,” Block added.