Former Cash App employee steals data of 8.2 million users

The mobile payment service Cash App has reported a major security breach involving a former employee and affecting more than 8 million users of its system.

The data relates only to stock market activity

Block, formerly known as Square and founded by former Twitter CEO Jack Dorsey, filed a complaint with the Securities and Exchange Commission (SEC), the US federal financial market regulator. She explains that Cash App, of which she is the parent company, was the victim of data theft from one of her former employees.

In the same category

Huawei Rotating Chairman Guo Ping speaking at the conference

Huawei: a mixed 2021 report

This December 10, when he had left his position in the company for several months already, he managed to download documents containing information on users of the service. As explained Vicethis flight concerns only “ full name and brokerage account number (this is the unique identification number associated with a client’s trading activity on Cash App Investing) and, for some clients, brokerage portfolio value, brokerage portfolio holdings and/or trading activity for a trading day “. 8.2 million users are affected; the firm contacts them to provide them with information about the incident and share resources with them to answer their questions.

As a reminder, Cash App was initially a mobile payment service, but it has now developed to allow its users to buy shares and bitcoins. According to the company, no other Cash App features outside of stocks were implicated in the data breach, while no customers outside of the United States are affected by it.

Bitcoin coins.Bitcoin coins.

Cash App allows its users to buy bitcoins. Photography: Kanchanara / Unsplash

Cash App attempts to unravel the mystery

While this employee had regular access to these reports as part of his previous job responsibilities, in this case, these reports were accessed without authorization after his employment ended. “says Cash App. Logically, when a person leaves his post, his access to his account and to the information in it is cut off, so it is still difficult to know how he managed to access the documents.

The reports did not include usernames or passwords, social security numbers, date of birth, payment card information, addresses, bank account information, or any other information that identifies individuals. They also did not include a security code, passcode or password used to access Cash App accounts. “Nevertheless assures Block in his complaint.

This is not the first time that employees of large technology companies have abused the personal data of their users. In 2019, for example, Snapchat employees used a tool to illegally access user information.

ttn-4