By a former employee of the company More than 8 million users of mobile payments app Cash App could be affected by a data breach after they downloaded a report containing users' personal information.
On Monday, the financial services company, which owns Cash App and was formed by Twitter founder Jack Dorsey, announced that a former employee had downloaded information in December, according to a report filed with the US Securities and Exchange Commission. .
Although the former employee had access to the information during employment, the report said the information was downloaded after the employee was no longer with the company.
The downloaded data did not include usernames, passwords, social security numbers or bank account information, but did include full names and brokerage account numbers, which are used to identify a user's stock activity on Cash App Investments . Certain information was also violated "including brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day."
The filing said the only potentially affected users were those in the U.S. Includes those who use Cash App Invest, which is approximately 8.2 million users. Block said it is contacting all current and former customers of the facility to provide them with information about the incident and to share resources to answer their questions.
Block said it has also notified law enforcement of the violation.
“The Company takes the security of information relating to its customers very seriously and continues to review and strengthen administrative and technical security measures to protect the information of its customers.
"While the Company has not yet completed an investigation into the incident based on its preliminary assessment and currently known information, the Company does not currently believe that this event will have any significant impact on its business, operations or financial results." The file is called.
Adam Darrah, director of intelligence services at cybersecurity company ZeroFox, told USA Today that the incident shouldn't directly impact users, but if that data is ultimately stolen, it could affect them.
"This information is not valuable by itself. It has to be combined with other stuff," Darah said. “The bad guys can then become more adept at their illegal shenanigans, which means breaking into an account and getting stuff out of an account.
"They'll use their magical machines to try to find specific accounts they can break. It's most likely here," he said.
Darah advises all Cash App users to update their passwords and enable Two Factor Authentication to protect themselves from any future concerns.