Getting scammed or robbed can make you sick. It is disturbing to learn that your intimate financial information has been stolen. But it’s an unfortunate reality that often lurks in an internet vortex.
When you think of stolen information, it’s hard to miss the opinion of credit reporting company Equifax (EFX) – Get the report from Equifax Inc. 2017 massive hacking incident that exposed 143 million Americans’ social security numbers and other sensitive personal information.
Bad actors were able to trick the system through a software vulnerability to access Equifax databases. It is still considered one of the biggest consumer data hacks that cost the company dearly a record $671 million in the colonies to various federal and state investigators. Heads rolled in senior management and it took Equifax many years to recover from the fallout.
The episode also set off alarm bells in Washington about cybersecurity hacks. In an ideal world, this should have helped prevent such incidents from happening. But even policymakers cannot prevent these events from happening in an absolute sense. It’s a mole game between regulators, companies that become targets, and bad actors.
Cash app hacked
Recently, Jack Dorsey’s payments company, Block (SQ) – Get Block Inc Class A Reportformerly Square, reported an incident similar but in no way similar in scale to the Equifax episode.
A former Block employee downloaded investment client data from Block’s Cash App digital wallet, exposing the trading activity of 8.2 million clients, including in some cases the value of the brokerage portfolio, the holdings of the brokerage book and/or stock trading activity during a trading day. The incident happened on December 10 last year, the company said.
“While this employee had regular access to these reports as part of his prior job responsibilities, in this case these reports were accessed without permission after his employment ended,” the company said in a statement. Filing with the Securities and Exchange Commission April 4.
Scroll to continue
Block’s disclosure comes shortly after President Joe Biden approved a new law which requires key companies to report to the government when they have been hacked.
Block’s Cash App digital wallet has grown in popularity during the pandemic and is a popular way to transfer money to people, including bitcoin. The app generated gross profit of $518 million in the fourth quarter of 2021. The company had more than 13 million monthly active users of its payment card during the quarter.
“Information in the reports included full name and brokerage account number (this is the unique identification number associated with a client’s trading activity on Cash App Investing), and for some clients included also brokerage portfolio value, brokerage portfolio holdings, and/or stock trading activity during a trading day,” the company added in the SEC filing.
Many Cash App accounts have a routing number and a unique account number, allowing customers to deposit funds, transfer them through the app, make online purchases or ATM withdrawals at using the Cash Card, investing in stocks or ETFs, buying bitcoins or transferring to other bank accounts.
Block said the Cash app is creating an ecosystem of financial products and services that helps individuals manage their money by making it more accessible, instantly available and universally accessible.
The reported hack did not include usernames or passwords, social security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information , Block said.
“They also did not include a security code, passcode, or password used to access Cash App accounts. Other Cash App products and features (other than trading activity) and customers outside the United States were not affected,” Block said in its SEC filing.
Cash App’s investment arm is contacting approximately 8.2 million current and former clients to provide information about this incident and to share resources with them to answer their questions.
The company said it is also notifying relevant regulatory authorities and has notified law enforcement.