Block Reported Data Breach to SEC
The Cash App data breach became public knowledge after Block reported the incident to the U.S. Securities and Exchange Commission (SEC). Though Block filed the report on April 4, the breach took place on December 10, 2021. A former employee allegedly downloaded reports without the company’s permission. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the filing states. The report also provides information on the kinds of data that the employee gained access to, and what they did not. For example, Block clarified that the files did not contain the following:
Login credentials Social Security numbers Date of birth Payment information Addresses Bank account data Any other personally identifiable information
Furthermore, it did not include data used to access Cash App accounts, such as security and access codes, or passwords, according to Block. The company added that customers outside of the United States were not affected.
SEC Says Block is Taking Mitigatory Action
The filing states that the company is reaching out to its current and former customers, which amounts to approximately 8.2 million people. Block is providing them with information about the breach and also sharing resources to answer any queries they may have. The company is also notifying and cooperating with regulatory authorities and law enforcement. Speaking to TechCrunch, Cash App spokesperson Danika Owsley said, “At Cash App we value customer trust and are committed to the security of customers’ information.” Owsley also provided some information on how the company responded to the incident, stating, “Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”
Company Says Incident Won’t Impact Business or Finances
Future costs associated with this incident are difficult to predict. Although Block has not yet completed its investigation of the incident, based on its preliminary assessment and on the information currently known, the company does not currently believe the incident will have a material impact on its business, operations, or financial results. As we continue to move new aspects of our lives online, like work, communication, and investments, it is important to take appropriate measures to secure our data. Even tiny traces of information can accumulate over time and become fodder for cybercriminals. They can use this information to carry out targeted attacks, such as phishing campaigns. You can read more about phishing tactics in our detailed guide. It also provides some helpful tips to protect yourself and what to do if you’ve fallen for a phishing attack.