The backers of the popular consumer payments app announced Monday that millions of customers are being contacted to warn that some of their personal information may have been compromised. Credit: PeopleImages / Getty Images In an SEC filing made on Monday, Cash App parent company Block, Inc., said that it was working to contact roughly 8.2 million past and present customers of its investment services, as names, brokerage portfolio values and account numbers were compromised in a data breach.According to Block’s form 8-K, a employee who had regular access to the records during their employment downloaded customer records after leaving the company. The reports didn’t contain Cash App usernames or passwords, and the company said that Social Security numbers, birthdays, payment card info and most other types of personally identifiable information weren’t accessed.How cybercriminals can leverage stolen Cash App dataStill, according to experts, the portfolio data accessed represents a serious compromise. Avivah Litan, a distinguished research vice president at Gartner, said that part of the idea with this type of hack might be to identify potentially worthwhile targets for further compromise.“Using this compromised data, a hacker could determine which investors are worth targeting, based on their account values, and how to target them, based on their portfolio holdings and daily trading activity,” she said. “Further, they could integrate the compromised CashApp data with other previously stolen dark net data that potentially exists on the same individual to gain enough information – such as user IDs and passwords at other financial institutions or websites – to effectively socially engineer the user into transferring funds to a criminal account.” The idea that the attack was one step in a longer process was echoed by IDC research director Aaron Press, who said that the potential target – brokerage accounts – made sense, given the specific types of information that were stolen.“There’s no guarantee that this will be of use, and it may not be of value,” he said, “but if someone were interested in attacking a brokerage account, then this would be a place to start.” CSO is currently following this event and will post updates as they become available. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe