TechCrunch reports that Block's mobile payment service Cash App
has been breached after a former employee downloaded reports with sensitive information from U.S. customers.
An insider was able to access the reports, which contained users' complete names and brokerage account numbers, on Dec. 10, said Block in a filing with the Securities and Exchange Commission
Some users also had their brokerage portfolio holdings, brokerage portfolio value, and stock trading activity for a single trading day compromised. However, Block emphasized that usernames, passwords, Social Security numbers, and payment card data have not been accessed.
"While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended," said the filing.
While Block declined to confirm whether the data is still being accessed by the former employee or how long the former employee had access to the reports, the company said that it has been informing nearly 8.2 million current and former clients regarding the breach.