Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Over 8 million customers affected in Cash App data breach

Last updated

On Monday, financial services and digital payment company, Block, Inc., filed a report stating that the company had suffered a data breach when a former Cash App employee accessed customer records without permission.

The breach occurred on December 10, 2021, when the former employee accessed and downloaded customer reports within the company's database.

Block, the parent company of Cash App, submitted a filing to the US Securities and Exchange Commission on April 4, publicly acknowledging the breach.

The company did not say how many customers were impacted by the breach, but told TechCrunch that it was contacting 8.2 million current and former users about the incident.

The reports included clients' full names and brokerage account numbers. In addition, some clients had their brokerage portfolio value, holdings, and stock trading activity exposed for one day.

No personally identifiable information beyond names was accessed, according to Block. User names, passwords, Social Security numbers, home addresses, and payment info were unlikely to be exposed.

The company also stated that other Cash App-related products and features outside of the United States were not affected.

Block notes that the company launched an internal investigation immediately after discovering the breach. In addition, the company is seeking the help of appropriate regulatory authorities and law enforcement.

Block, formerly known as Square, is known for its Square Reader platform. However, the company has many other ventures, including Tidal, a music streaming service, Spiral, the company's cryptocurrency branch, and Cash App.



6 Comments

sflocal 16 Years · 6138 comments

My co-worker discovered two weeks ago that someone was in the process of stealing his identity.  Credit cards were attempting to be opened and a change-of-mailing address filled out.  He was able to stop it during the initial application process when a bank contacted him directly about some strange email addresses being used to open up credit card accounts in his name.

Watching my coworker go through this at the office, contacting seven banks that pinged his credit report and the seeing the bureaucracy, ineptness, and uncaring attitude of the people on the phone was jarring.  Not only did he immediately freeze all his credit reports, it made me do the exact same thing.

To this day, I'm still infuriated at how Experian's management got a slap on the wrist for how it handled the massive data breach that included all identifiable information of countless people.  Our personal information is out there, probably on the dark web waiting to be used against us all.

Companies will do only the bare minimum to safeguard our information and there should be more severe consequences for these companies and their executives.  Sloppy.

chadbag 13 Years · 2029 comments

Couldn’t have happened to a nicer company…

macwise 13 Years · 86 comments

chadbag said:
Couldn’t have happened to a nicer company…

I LOVE Square Cash. I live in the sector of the multiverse where the likes of PayPal somehow hook the mindless masses. Sigh.

dewme 10 Years · 5775 comments

sflocal said:
My co-worker discovered two weeks ago that someone was in the process of stealing his identity.  Credit cards were attempting to be opened and a change-of-mailing address filled out.  He was able to stop it during the initial application process when a bank contacted him directly about some strange email addresses being used to open up credit card accounts in his name.
Watching my coworker go through this at the office, contacting seven banks that pinged his credit report and the seeing the bureaucracy, ineptness, and uncaring attitude of the people on the phone was jarring.  Not only did he immediately freeze all his credit reports, it made me do the exact same thing.

To this day, I'm still infuriated at how Experian's management got a slap on the wrist for how it handled the massive data breach that included all identifiable information of countless people.  Our personal information is out there, probably on the dark web waiting to be used against us all.

Companies will do only the bare minimum to safeguard our information and there should be more severe consequences for these companies and their executives.  Sloppy.

Information security (InfoSec) has been a major concern for many years, not only at a personal level with identity theft, but at a corporate level with IP theft as well as theft of customer information. It’s not just private industry either, the situation with government managed information is equally at risk.

It’s easy to develop a fatalistic attitude when you’ve experienced some of the attitudes that exist around existential threats that exist in industry, critical infrastructure, and national defense. There’s a point at which those who are in charge of deciding what needs immediate attention have simply decided to actively ignore the threat. Purposeful self enforced ignorance.

As adults they know that ignoring the problem doesn’t make it go away, but actively engaging and trying to solve or mitigate the problem creates chaos and exposes those in charge to criticism, which is uncomfortable. Nobody likes feeling uncomfortable. This behavior is really no different than people who build homes in areas that experience periodic flooding or natural disasters, or living in a mobile home in tornado alley. The risk is obvious, but we decide to ignore it and deal with the aftermath when the preventable becomes the inevitable.

badmonk 11 Years · 1336 comments

sflocal said:
My co-worker discovered two weeks ago that someone was in the process of stealing his identity.  Credit cards were attempting to be opened and a change-of-mailing address filled out.  He was able to stop it during the initial application process when a bank contacted him directly about some strange email addresses being used to open up credit card accounts in his name.
Watching my coworker go through this at the office, contacting seven banks that pinged his credit report and the seeing the bureaucracy, ineptness, and uncaring attitude of the people on the phone was jarring.  Not only did he immediately freeze all his credit reports, it made me do the exact same thing.

To this day, I'm still infuriated at how Experian's management got a slap on the wrist for how it handled the massive data breach that included all identifiable information of countless people.  Our personal information is out there, probably on the dark web waiting to be used against us all.

Companies will do only the bare minimum to safeguard our information and there should be more severe consequences for these companies and their executives.  Sloppy.

Yeah and why this is not a priority for politicians, officials and technocrats is beyond me.  It creates more harm than their concerns about technology company dominance and would be a solvable problem by leveling fines that are appropriate to the size of the data breach.

As I text this, I have been getting daily unsolicited iMessages on the Verizon network from my own email and random numbers trying to entice me to click on an imbedded link.  We are drowning in cyber crime but all officials seem to think about are—“market dominance,””App-store duopoly,” “inability to side load,” “right to repair” etc etc.  Maybe important issues but maybe fix the problems we are dealing with now.