More than 8 million Cash App Investing customers may have had personal data compromised after a former employee downloaded internal reports without permission, parent company Block Inc revealed in a regulatory filing earlier this week.
The breach solely impacted Cash App Investing users, according to the filing Monday, not the company’s more popular peer-to-peer payment product, Cash App. Block, formerly known as Square, said it is reaching out to roughly 8.2 million current and former customers about the incident.
“At Cash App we value customer trust and are committed to the security of customers’ information,” Danika Owsley, a spokesperson for Cash App, told CNN Business in a statement. “Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm.”
Information in the reports accessed by the former employee included customers’ full names and brokerage account number, which is the personal identification number associated with a customers’ stock activity on the platform. For some customers, the data accessed also included the value and holdings of the brokerage portfolio, as well as some trading activity, according to the SEC filing.
The former employee downloaded the data in December, after their employment with the company had ended, according to the filing. “We know how these reports were accessed, and we have notified law enforcement,” Owsley said in the statement. The company declined to provide further details on how the incident occurred.
In her statement, Owsley said the company continues to “review and strengthen administrative and technical safeguards to protect information.”
The filing added that the reports accessed by the former employee did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information or “any other personally identifiable information.”