After a former employee of the company downloaded reports including the personal information of US users, over 8 million users of the mobile payment app Cash App could be affected by a data breach.
According to a filing filed with the US Securities and Exchange Commission on Monday, Block, the financial services firm founded by Twitter founder Jack Dorsey and which owns Cash App, realized the former employee obtained the information in December.
Although the ex-employee had access to the information while working for the organization, the report claims that the material was downloaded after the person had left.
Usernames, passwords, Social Security numbers, or bank account information were not included in the data collected, but complete names and brokerage account numbers were, which are used to track a user’s stock activity on Cash App Investing.
“Brokerage portfolio valuation, brokerage portfolio holdings, and/or stock trading activity for one trading day” were among the data breaches.
According to the filing, the only users who may be affected are those in the United States who utilize Cash App Investing, which numbers roughly 8.2 million people. Block says it will contact all current and previous users of the feature “to give them information about this occurrence and to share resources with them to answer their inquiries,” according to the company.
The incident has also been reported to legal enforcement, according to Block. “The Company takes the security of its customers’ information extremely seriously, and it is constantly reviewing and strengthening administrative and technical protections to secure its customers’ data.
“Although the Company has not yet concluded its investigation into the incident, the Company does not currently believe the incident will have a major impact on its company, operations, or financial results,” according to the filing.
According to Adam Darrah, head of intelligence services at cyber security firm ZeroFox, the incident shouldn’t directly affect users, but it could if the data is taken later.
“This data isn’t really useful on its own. It must be used in conjunction with other items “Darrah said. “Bad guys can therefore be more efficient in their criminal activities, such as breaking into accounts and stealing money from them.
“They’ll try to hack into individual accounts using the magic machines they have. That’s almost certainly the endgame here “Added he. To protect themselves from future threats, Darrah encouraged all Cash App users to alter their passwords and enable two-factor authentication.