Do you use the popular smartphone app "Cash App?" 

If so, you're certainly not alone.  It is wildly popular and used by millions of people around the world.

As one of the most wildly popular things on the web, that has made it a target. Cash App was formerly known as Square. Recently, they submitted a filing to the SEC (Securities and Exchange Commission) acknowledging that they had been breached.

This was not a conventional hacking attack, however.  In this instance it was a matter of a former employee accessing sensitive customer information before leaving the firm.  Based on the filing, the incident occurred on December 10th, 2021.

Apparently, the employee in question had regular access to reports containing customer information as part of their job duties. Upon leaving the firm, the employee somehow re-gained access to that information.


The information stolen from Cash App includes

  • The full names of customers
  • Brokerage account numbers (US customers only)
  • Brokerage portfolio value
  • Brokerage portfolio holdings
  • Stock trading activity

Cash App has launched a formal investigation into the matter and retained the services of a third-party forensics firm.

Beyond that, details about the incident are somewhat sparse.  All we know beyond what we mentioned above is that the former employee accessed the records of more than eight million Cash App current and former customers. In addition, the firm is currently in the process of reaching out to all impacted users to inform them.

As is generally the case in the aftermath of an incident like this, Cash App stressed that they take customer security very seriously and will be conducting a complete review of their processes to minimize the chances of a repeat occurrence in the future.  Cash App also stressed that the future costs associated with the incident based on its preliminary assessment are virtually impossible to predict.


My perspective

In any case, if you are a current or former Cash App customer be on the lookout for communication from the company if you're one of the people potentially impacted by the breach.


As Oliver would say:
"Well, here's another nice mess you've gotten me into"


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.


Contact me if you would like me to speak to your association