A former employee of Block (formerly known as Square) is accused of downloading Cash App reports containing sensitive data belonging to customers, according to multiple reports on Wednesday (April 6).
Block said in a filing with the U.S. Securities and Exchange Commission (SEC) that a former employee was permitted to access and download the reports as part of his job but the action was taken without permission after the person was no longer an employee.
The data affected by the breach include full names of consumers, brokerage account numbers, holdings, portfolio values and stock trading activity for the day.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” according to the filing.
Block conducted a review of the leaked reports and said it’s reaching out to the 8.2 million current and former Cash App users to inform them about the breach. The victims will be advised about the information that was exposed and what they can do to lower the risk of fraud and unauthorized access to their accounts.
“I speak to data breach victims almost every day, and many don’t fully grasp the impact a breach can have,” attorney Richard P. Console, Jr. told JDSupra. “Once your sensitive personal data falls into the hands of cybercriminals, you have a much higher risk of identity theft for the rest of your life. If a company allows your personal data to be stolen, holding that company accountable through a class action lawsuit may be the only way to obtain fair compensation and to send a message to other companies to be more careful.”
Block, headquartered in Silicon Valley, owns numerous businesses, including Cash App, Afterpay, Weebly and Tidal. The company has a workforce totaling about 8,500 employees and generates an estimated $17 billion in annual revenue.
In the SEC filing, Block said that the company takes consumers’ data security seriously and is continuing to review and strengthen its administrative and technical safeguards. Its investigation is still ongoing, and costs associated with the incident can’t be predicted.
Based on its preliminary assessment and currently known information, Block said that it doesn’t think the breach will result in a material impact on its business, operations or financial results, according to the filing.