Pretty much all apps and services you sign up for require you to submit personal information. Some apps and services, especially if they revolve around finance, will also require more intimate details about the user to verify who they say they are during the “know your customer” process.
We imagine that most people assume that companies would keep that data secure, but that isn’t always the case. In fact, if you use Block’s (formerly known as Square) Cash App, it seems that the company has confirmed in a filing with the Securities and Exchange Commission that the app has suffered a data breach.
This breach wasn’t because of poor security that allowed hackers to gain access to the company’s servers and databases, but rather it came about after a former employee downloaded reports from the app that contain US customer information. According to Block, it has been estimated that this will affect about 8.2 million current and former users.
This information includes things like users’ full names, brokerage account numbers, portfolio value, holdings, and trading activity, but other than that, Block claims that no other personally identifiable information like passwords or payment card information was part of the breach. The company also released a statement to TechCrunch saying:
“At Cash App we value customer trust and are committed to the security of customers’ information. Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”