Do you use the popular smartphone app “Cash App?” If so, you’re certainly not alone. It is wildly popular and used by millions of people around the world.
As one of the most wildly popular things on the web, that has made it a target. Cash App was formerly known as Square. Recently, they submitted a filing to the SEC (Securities and Exchange Commission) acknowledging that they had been breached.
This was not a conventional hacking attack however. In this instance it was a matter of a former employee accessing sensitive customer information before leaving the firm. Based on the filing, the incident occurred on December 10th, 2021.
Apparently the employee in question had regular access to reports containing customer information as part of their job duties. Upon leaving the firm, the employee somehow re-gained access to that information.
The information taken from Cash App includes:
- The full names of customers
- Brokerage account numbers (US customers only)
- Brokerage portfolio value
- Brokerage portfolio holdings
- Stock trading activity
Cash App has launched a formal investigation into the matter and retained the services of a third-party forensics firm.
Beyond that, details about the incident are somewhat sparse. About all we know beyond what we mentioned above is that the former employee accessed the records of more than eight million Cash App current and former customers. In addition, the firm is currently in the process of reaching out to all impacted users to inform them.
As is generally the case in the aftermath of an incident like this, Cash App stressed that they take customer security very seriously and will be conducting a complete review of their processes to minimize the chances of a repeat occurrence in the future. Cash App also stressed that the future costs associated with the incident based on its preliminary assessment are virtually impossible to predict.
In any case, if you are a current or former Cash App customer be on the lookout for a communication from the company if you’re one of the people potentially impacted by the breach.