Data from 8.2 million Cash App users. Only US users who have used the stock market features are affected.
We learned today that a security breach involving a former employee has affected at least 8.2 million Cash App users. In a report to the SEC, the company says that on Dec. 10, a former employee downloaded a number of reports containing personal information about users. Data collected in this way includes full names, brokerage account numbers, portfolio values, and activity reports.
Data from 8.2 million Cash App users in the wild
According to the filing, this vulnerability only potentially affects users who used the behavior control feature. Although Cash App started out as a peer-to-peer payment business, its customers can also use it to buy stocks and bitcoin. No other features of the Cash App other than those related to promotions are affected by this vulnerability, and according to the company, only US users are affected.
Only US users who have used the stock market features are affected.
“The reports contained no username, no password, no social security number, date of birth, payment card or bank account information, address, or any other personally identifiable information. Also, no security codes, passwords or passwords were used to access Cash App accounts. Other Cash App products and features (other than stock transactions) and non-U.S. customers are not affected.
An official investigation has been launched to shed light on this incident and the authorities have been notified. The 8.2 million concerned users should also receive an email to inform them of this security incident.
According to documents filed with the SEC, the former employee had access to user information as a Cash App employee. But by the time the breach occurred, the man had been out of the company for several months. At present, no one knows exactly how the former employee was able to recover such sensitive information…