Cash App alerts 8 million customers to data breach

News
By
published

A former employee accessed sensitive data after departing

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

Mobile payments service Cash App has suffered a data breach after an ex-employee accessed sensitive customer data.

The company behind the service, Block (formerly Square), reported the incident to the US Securities and Exchange Commission (SEC) earlier this week.

In the filing, the company explained that the person was allowed to access this data as part of their past job responsibilities, but that access should have been barred the moment they left. Block has so far declined to explain why the employee was still able to access the data.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Personally identifiable information

The motive behind the exfiltration is unclear, but we know the person took customers' full names and brokerage account numbers, and in some cases, brokerage portfolio value, brokerage portfolio holdings, and stock trading data.

Usernames, passwords and other identity-related information were not accessed, it was said.

Block also refrained from revealing the number of customers affected, but did say it was reaching out to more than eight million current and former customers about the breach. All of them reside in the United States.

“At Cash App we value customer trust and are committed to the security of customers’ information,” a spokesperson told TechCrunch.

“Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”

Read more

> Most companies are clueless when it comes to stopping insider threats

> Keeping a handle on threats to your hybrid workforce

> How to detect and defend against insider threats

Earlier this week, cybersecurity experts from Imperva published a new report that suggested the majority of companies fail to take insider threat as seriously as they should.

Based on a survey of 500 security professionals, the report revealed that companies are often guilty of underestimating the extent of the threat posed by insiders, a conclusion perhaps reinforced by the Cash App breach.

According to Imperva, businesses need to add insider risk to their overall data protection strategy, and set up a diverse insider threat detection system that combines several tools.

Via TechCrunch

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Avast cybersecurity
Zapier tells customers their data may have been accessed
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
Major breach hits employee screening firm - 3.3 million affected as hackers steal DISA data
An abstract image of padlocks overlaying a digital background.
Thousands of Bitcoin ATM users may have personal data leaked after breach
A computer being guarded by cybersecurity.
Zacks Investment hit in data breach - 12 million users potentially at risk
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
This widely-used instant loan app leaks nearly 30 million files of user data
Latest in Security
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
Latest in News
AOC Agon Pro AG276FK gaming monitor tilted slightly to the side, showing the Windows desktop screen
Windows 11 users get ready for more ‘recommendations’ from Microsoft – but I’m relieved to say these suggestions might actually be useful
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
Assassin&#039;s Creed Shadows
Assassin's Creed Shadows PS5 Pro details have been revealed and the biggest difference appears to be ray tracing
UNA Watch
UNA Watch is the sustainable wearable that wants to replace your Apple Watch
A collage of Iman Vellani&#039;s Kamala Khan in Marvels, Robert Downey Jr as Doctor Doom at Comic Con 2024, and Hailee Steinfeld&#039;s Kate Bishop in Hawkeye
'We take the comprehensive view': Joe and Anthony Russo drop big hint over Marvel heroes from Disney+ shows appearing in Avengers 5 and 6
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
More about security
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps

Agentic AI has “profound” issues with security and privacy, Signal President says
Woman shocked by online scam, holding her credit card outside

Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
UNA Watch

UNA Watch is the sustainable wearable that wants to replace your Apple Watch
See more latest
Most Popular
UNA Watch
UNA Watch is the sustainable wearable that wants to replace your Apple Watch
AOC Agon Pro AG276FK gaming monitor tilted slightly to the side, showing the Windows desktop screen
Windows 11 users get ready for more ‘recommendations’ from Microsoft – but I’m relieved to say these suggestions might actually be useful
A close-up of a phone screen showing the Telegram, Signal and WhatsApp apps
Agentic AI has “profound” issues with security and privacy, Signal President says
Assassin&#039;s Creed Shadows
Assassin's Creed Shadows PS5 Pro details have been revealed and the biggest difference appears to be ray tracing
A collage of Iman Vellani&#039;s Kamala Khan in Marvels, Robert Downey Jr as Doctor Doom at Comic Con 2024, and Hailee Steinfeld&#039;s Kate Bishop in Hawkeye
'We take the comprehensive view': Joe and Anthony Russo drop big hint over Marvel heroes from Disney+ shows appearing in Avengers 5 and 6
International Space Station
Is the moon too far for your data? IBM's Red Hat is teaming up with Axiom Space to send a data center into space
Samsung NAND
Well, that's unexpected: Samsung will team up with its fiercest Chinese rival to produce next gen NAND flash
MacBook Air mute key
The new M4 MacBook Air finally fixes an Apple keyboard annoyance that's been around for decades
Gaming with AI
I asked Gemini to play a text-based adventure game with me and the AI whisked me away to a word-based fantasy
A collage of Ellie and Joel in The Last of Us season 2
The Last of Us season 2's new trailer teases a huge showdown between Bella Ramsey's Ellie and Pedro Pascal's Joel, but the big moment I'm waiting for is still being held back