Block disclosed at the moment {that a} safety breach involving a former worker impacts 8.2 million Cash App customers. In an SEC filing, the corporate reported that an ex-employee on December tenth downloaded numerous reports with info on buyer info. The exfiltrated information included full names, brokerage account numbers, brokerage portfolio worth, brokerage portfolio holdings and stories of inventory buying and selling exercise.

According to the submitting, solely clients that used Cash App’s stock function are doubtlessly included within the breach. While Cash App obtained its begin as a peer-to-peer fee app, its clients also can use it to purchase shares and Bitcoin. No different Cash App options outdoors of shares had been concerned within the breach, nor did it embody any clients outdoors of the US, based on the corporate. 

“The reports did not include usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information. They also did not include any security code, access code, or password used to access Cash App accounts. Other Cash App products and features (other than stock activity) and customers outside of the United States were not impacted,” wrote Block within the submitting.

Block has launched a proper investigation into the incident and has contacted regulation enforcement. It additionally plans on notifying all 8.2 million clients concerned within the breach by electronic mail.

According to the submitting, the ex-employee as soon as had entry to the client info as an worker at CashApp. But by the point the breach occurred, that they had already been gone from the corporate for a number of months. It’s unclear how a former worker was nonetheless in a position to retrieve such extremely delicate info. Engadget has reached out to Block for a response, and can replace if we hear again.