A former employee hacked the Cash App, affecting 8.2 million people.

A data breach affecting approximately 8.2 million Cash App Investing customers in the United States was discovered by a former employee of the mobile payment service provider.

The breach was disclosed by Block, Cash App's parent company, in a regulatory filing with the Securities and Exchange Commission on Monday. Current and former customers' full names, brokerage account numbers, brokerage portfolio values, brokerage portfolio holdings, and/or stock trading activity for one trading day were all exposed as a result of the unauthorized access on Dec. 10, 2021.

According to Block, the breach did not expose usernames, passwords, Social Security numbers, dates of birth, payment card information, addresses, bank account information, or any other personally identifiable information.


The fact that the unnamed individual accessed the information after his or her employment with the company had ended was particularly noteworthy. Block stated that the individual "had regular access to these reports as part of their past job responsibilities," implying that those permissions were not revoked promptly after his or her departure.


According to Block, the company and its outside counsel have launched an ongoing investigation into the matter. The company stated that it has notified all relevant regulatory authorities and law enforcement agencies.


"The company takes the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers. Future costs associated with this incident are difficult to predict,” Block said. “… [B]ased on its preliminary assessment and on the information currently known, the company does not currently believe the incident will have a material impact on its business, operations, or financial results."

By fLEXI tEAM