Block, the company formerly known as Square, has revealed a data breach in which a former employee downloaded unspecified reports related to its Cash App Investing that contained information about its US customers.
“While this employee had regular access to these reports as part of his previous job responsibilities, in this instance, these reports were accessed without permission after their employment was terminated,” the company revealed in an April 4 filing with the U.S. Securities and Exchange Commission ( SEC).
Block advertises Cash App as “the easiest way to send money, spend money, save money and buy cryptocurrency.”
The breach is alleged to have taken place on December 10, 2021, with the downloaded reports containing the full names of the clients, their securities account numbers, and in some cases the value of the securities portfolio, the securities portfolio investments and the stock trading for one trading day.
The San Francisco-based company stressed in the filing that the reports do not contain personally identifiable information, such as usernames or passwords, social security numbers, dates of birth, payment card information, addresses and bank account information.
It’s not known exactly how many users were affected by the breach, but Block — which said it only recently discovered the incident — said it’s contacting about 8.2 million current and former customers as part of its response efforts.
That said, there’s not much clarity about when the breach was discovered or how a former employee of the company still managed to access various records of customer information.
While a formal investigation is underway, the financial platform also said it has notified law enforcement and that it “continues to review and strengthen administrative and technical safeguards to protect its customers’ information”.
“The company does not currently believe that the incident will have a material impact on its operations, operations or financial results,” Block added.