Mobile payment service Cash App notified 8.2 million current and former customers in the United States about a data leak after a former employee gained access to their account information.
Block, the company that owns the Cash App, reported in an 8-K SEC form that the hack occurred on December 10, 2021 after a former employee uploaded internal Cash App reports. The reports included the full names of Cash App customers and brokerage account numbers related to Cash App investment activities. In the case of some clients, additional information was disclosed in the reports, including holdings and trading activity for one trading day.
The data leak did not include sensitive information such as credentials, social security numbers, payment information, any security codes, access codes or passwords to Cash App accounts. Other products, Cash App features (other than stock transactions) and customers outside the US were not affected.