Cash App alerts 8 million customers to data breach

By Sead Fadilpašić
last updated

A former employee accessed sensitive data after departing

Data Breach
(Image credit: Shutterstock)

Mobile payments service Cash App has suffered a data breach after an ex-employee accessed sensitive customer data.

The company behind the service, Block (formerly Square), reported the incident to the US Securities and Exchange Commission (SEC) earlier this week.

In the filing, the company explained that the person was allowed to access this data as part of their past job responsibilities, but that access should have been barred the moment they left. Block has so far declined to explain why the employee was still able to access the data (opens in new tab).

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

Personally identifiable information

The motive behind the exfiltration is unclear, but we know the person took customers' full names and brokerage account numbers, and in some cases, brokerage portfolio value, brokerage portfolio holdings, and stock trading data.

Usernames, passwords (opens in new tab) and other identity (opens in new tab)-related information were not accessed, it was said.

Block also refrained from revealing the number of customers affected, but did say it was reaching out to more than eight million current and former customers about the breach. All of them reside in the United States.

“At Cash App we value customer trust and are committed to the security of customers’ information,” a spokesperson told TechCrunch.

“Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”

Read more

> Most companies are clueless when it comes to stopping insider threats (opens in new tab)

> Keeping a handle on threats to your hybrid workforce (opens in new tab)

> How to detect and defend against insider threats (opens in new tab)

Earlier this week, cybersecurity experts from Imperva published a new report that suggested the majority of companies fail to take insider threat as seriously as they should.

Based on a survey of 500 security professionals, the report revealed that companies are often guilty of underestimating the extent of the threat posed by insiders, a conclusion perhaps reinforced by the Cash App breach.

According to Imperva, businesses need to add insider risk to their overall data protection strategy, and set up a diverse insider threat detection system that combines several tools.

Via TechCrunch (opens in new tab)

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

See more Computing news