Cash App suffers data breach. Here’s what its millions of customers should know

The mobile payment service Cash App experienced a data breach that could affect some of its 8.2 million current and former users, parent company Block Inc. confirmed this week.

In a filing with the U.S. Securities and Exchange Commission, Block said that on Dec. 10, a former employee downloaded reports with customer information. Accessing those reports was part of the former employee’s job, but the reports were accessed without permission after the employee was no longer with the company, the filing said.

If you’re a Cash App user, here’s what you need to know.

What data was compromised?

In the April 4 filing, the company said that the stolen reports contained customers’ full names and their brokerage account numbers, or the unique number associated with a customer’s stock activity on Cash App Investing.

The reports may have also included some customers’ brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one day, the filing said.

What data is still safe?

The stolen reports did not include any customers’ usernames, passwords, Social Security numbers, birthdates, addresses, payment card information, bank account information, or “any other personally identifiable information,” the company said in the filing.

They also did not include security codes or access codes that could be used to access Cash App accounts, the filing said.

Who’s affected?

In the filing, Block said that Cash App Investing will reach out to about 8.2 million current and former app users. Customers outside the U.S. weren’t impacted, and other products owned by Block – including Bitcoin company Spiral, music streaming service Tidal, and payment platform Square – weren’t affected, the company said.

What happens next?

The company said it’s launched an investigation into the breach, and that law enforcement and regulatory authorities have been notified, the filing said.

In an emailed statement to McClatchy News, a Cash App spokesperson said the company will notify impacted users of the breach and will “continue to review and strengthen administrative and technical safeguards to protect information.”

It’s not clear if there are any measures customers can take to make their information more secure following the breach.

“For any questions customers have about this incident they may reach out to Customer Support,” the spokesperson said.

This story was originally published April 5, 2022 at 4:57 PM with the headline "Cash App suffers data breach. Here’s what its millions of customers should know."