Block slapped with lawsuit after ex-employee runs off with customer data

Data Breach
(Image credit: Shutterstock)

Two people are suing digital payments powerhouse Block and its subsidiary Cash App Investing for allegedly failing to properly protect sensitive personal data in a December 2021 data breach. 

As per the lawsuit filed in a federal district in Oakland, California, the two individuals saw “unauthorized charges” to their Cash App accounts, and spent many hours trying to fix the problem.

These unauthorized charges came as a result of a data breach in December 2021, when a former employee logged back into Cash App’s systems and downloaded internal reports which held personal information. The data the culprit took includes customers' full names, brokerage account numbers, brokerage portfolio values, brokerage portfolio holdings, and in some cases, stock trading activity for one trading day.

Millions affected

Now, they’re seeking damages, as well as other punishment for the service providers, arguing the company “failed to exercise reasonable care in securing and safeguarding consumer information”. What’s more, they’re claiming the company didn’t notify customers on time, shared too little information about what had happened, and did not offer credit and identity monitoring services.

Block publicly disclosed the incident almost five months after it had happened - in early April 2022. Back then, it said that 8.2 million current and former customers were affected and that it had reached out to notify them of the incident.

The lawsuit doesn’t detail exactly how the unwanted charges came to be, or how they link to the December data breach. According to The Register, when Block first announced the data breach, it said the former employee did not steal usernames or passwords, or other sensitive personal information. 

We have reached out to Block for a comment and will update the article if we hear back from the company. 

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.