Block, the parent company of products like Cash App and Tidal, said in a SEC filing that a former employee downloaded “certain reports” that “contained U.S. customer information” without permission from Cash App Investing (via Protocol).
The data in the reports, which Block said was downloaded Dec. 10, included “full name and brokerage account number” and for “some clients” included “brokerage portfolio value, brokerage portfolio holdings, and/or activity.” stock trading for a trading day. The employee, who downloaded the data after leaving the company, had access to the reports “as part of his previous job responsibilities,” according to Block.
“The reports do not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information,” Block said. “They also did not include any security codes, access codes, or passwords used to access Cash App accounts. Other Cash App products and features (other than trading activity) and customers outside of the United States were not affected. ”. Block says that he is contacting “approximately 8.2 million current and former customers” regarding the incident.
“At Cash App we value customer trust and are committed to the security of customer information,” Cash App spokeswoman Danika Owsley said in a statement to the edge. “Following the discovery, we took steps to remedy this issue and launched an investigation with the help of a leading forensic firm. We know how these reports were accessed and have notified law enforcement. We are also contacting customers whose data was affected. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”
Update April 5, 7:34 pm ET: Added Cash App statement.