Block admits former employee was behind Cash App US customer data breach

Block, formerly known as Square, has confirmed a data breach that involved a former employee downloading reports from its bitcoin-enabled Cash App that contained information about its US customers.

In a filing with the Securities and Exchange (SEC), first spotted by The Wall Street Journal, Block said that certain Cash App Investment reports were accessed by a former employee on 10 December 2021.

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” Block stated.

The information in the reports included full names and brokerage account numbers, which is the unique identification number associated with a customer’s stock activity on Cash App Investment. For some customers, the reports also included brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day, the company said.

Block assured the reports, however, did not include usernames or passwords, social security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information.

“They also did not include any security code, access code, or password used to access Cash App accounts. Other Cash App products and features (other than stock

Read More: