More than 8 million users of the mobile payment application Cash App could have been impacted by a data breach, according to a filing this week through the U.S. Securities and Exchange Commission by parent company Block Inc.
On Monday, Block announced it had learned a former employee downloaded “certain reports of its subsidiary Cash App Investing LLC” in December without permission.
TIKTOK SHARES MORE OF YOUR DATA THAN ANY OTHER APP, AND A STUDY SAYS IT’S NOT CLEAR WHERE IT GOES
That data, according to the filing, did not include usernames, passwords, Social Security numbers, birthdays, addresses, or bank account information. It did, however, include full names and brokerage account numbers which the company said are used to identify a user’s “stock activity on Cash App Investing.”
For some customers, the downloaded data also included “brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.”
After Block was made aware of the data breach, the company said it, along with an outside counsel, launched an investigation into the matter with the help of a leading forensics firm.
The only users affected, according to the filing, are the 8.2 million past and present Cash App users who use Cash App Investing. The company said it is working to contact those users to provide them with information regarding the incident.
The company also said it has notified law enforcement of the data breach.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
“Future costs associated with this incident are difficult to predict,” the filing stated. “Although the Company has not yet completed its investigation of the incident, based on its preliminary assessment and on the information currently known, the Company does not currently believe the incident will have a material impact on its business, operations, or financial results.”
In a statement to Fox News, a spokesperson for Cash App said the company is “committed to the security” of its users.
“At Cash App we value customer trust and are committed to the security of customers’ information,” the spokesperson said. “Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. We are also contacting customers whose data was impacted. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”