Cash App data accessed by the former employee: over 8M users impacted

Block disclosed a data breach that affected Cash App U.S customers

Cash App breach8 million customers might be affected by the Cash App data breach

A data breach involving the Cash App customer data was confirmed. Block – the company formerly known as Square admitted that the former employee downloaded reports from the network with U.S customer information.[1] The information was, reportedly[2] accessed on December 10th.

The employee had access to these reports as part of their job responsibilities, but this time the information was accessed with permissions when the employment was ended prior.[3] The report included users' full names, brokerage account numbers, portfolio value, holdings, and stocking trading activities for one trading day.

Cash App is advertised as the easiest application used to spend, save money and buy cryptocurrency. It is one of the most popular programs used for the purposes of controlling money. It is not publicly reported by the company how many of the customers get affected by this breach. However, Block contacted around 8.2 million current and former customers to inform them about the incident.

Personally identifiable data not exposed, as far as it is known now

San Francisco-based company noted that there is no personally identifiable information in those reports that have been accessed without permission or authorization. Customer usernames, passwords, social security numbers, dates of birth, payment card details, addresses, bank account information, and other details that could lead to identity theft[4] and direct scams or losses of data and funds were not accessed, according to reports from official sources.

There are additional questions after these reports and confirmations. It is not clear when the breach took place exactly and how it was discovered. There are no details on how far the person managed to access once those reports got obtained. The investigation is ongoing, and these details should be revealed later on.

The company does not currently believe the incident will have a material impact on its business, operations, or financial results

Law enforcement agencies have been informed, and the company states that they are continuing to review and strengthen the safeguards on technical and administrative levels. The information of customers and protecting these details is the primary goal.

Possible data breach consequences

It is not clear how major this data breach is and how many actually affected customers there are. However, these data breach and leak incidents are pretty serious and can lead to various issues with the network for the company or trigger problems with users' life, experiences online.

The financial mater of the application can lead to losses related to funds and cryptocurrency. Organizations directly often have to deal with such losses because costs can include compensation for affected customers, incident response efforts, investigations, and investments in more advanced security measures.

A data breach can cause operational downtime, so disrupted operations can cost a lot for the particular platforms that rely on users' interactions and usage. Processes of investigation take days and even weeks, so this might be a serious consequence.

Of course, the worst thing is the loss of data sensitive to the company or the customer. Sensitive information losses are the worst consequences because personal details can be used to steal identities. Deleted information about people can also be major because lost data or medical records can lead to mistreatment and cost someone their life.[5]

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions