Yes, Cash App had a data breach. Here’s who’s impacted

Block, Inc. has reported a Cash App Investing data breach impacting millions of current and former customers. Here’s what you need to know.
Credit: Courtesy of Cash App
Cash App logo

Cash App has become a popular way for people to send money, invest in the stock market and buy cryptocurrency like Bitcoin.

But recent reports say there is a data breach impacting millions of its customers. Google Trends data also shows people are searching for information about the reported Cash App breach.


Was Cash App affected by a data breach?



This is true.

Yes, Cash App was affected by a data breach that impacted U.S. customers who used Cash App’s investing services.   


Block, Inc., the company that owns Cash App, filed a report with the Securities and Exchange Commission (SEC) on April 4 about a data breach impacting millions of users. 

The filing says Block “recently determined” that a former employee downloaded Cash App Investing reports that contained some customer information on Dec. 10, 2021. Though the employee had “regular access to these reports as part of their past job responsibilities,” they accessed the reports without permission after their employment ended. 

The data breach impacted current and former U.S. customers who used Cash App’s investing services, according to the SEC filing. Other Cash App products and features apart from stock activity were not impacted by the breach.

Cash App Investing is contacting approximately 8.2 million people to provide them with information about the breach, the filing says. 

So what data may have been compromised? 

The reports included customers’ full names and brokerage account numbers, which are the unique numbers associated with a customer’s stock activity on Cash App Investing. For some customers, the reports also included portfolio value, holdings and/or stock trading activity for one trading day, the SEC filing and a Cash App spokesperson confirm.

Usernames and passwords, Social Security numbers, date of birth, payment card information, addresses or bank information were not included in the reports. The reports also didn’t include security codes, access codes, or passwords used to access Cash App accounts. 

In a statement to VERIFY, a Cash App spokesperson said the company values customer trust and is “committed to the security of customers’ information.” 

Cash App launched an investigation with the help of a forensics firm, according to the spokesperson and SEC filing. Cash App has also notified law enforcement of the breach.

“In addition, we continue to review and strengthen administrative and technical safeguards to protect information,” the Cash App spokesperson said. 

More from VERIFY: Yes, you do have to pay taxes on cryptocurrency

The VERIFY team works to separate fact from fiction so that you can understand what is true and false. Please consider subscribing to our daily newsletter, text alerts and our YouTube channel. You can also follow us on Snapchat, Twitter, Instagram, Facebook and TikTok. Learn More »

Follow Us

Want something VERIFIED?

Text: 202-410-8808

Related Stories