using phone to send money online
News

Cash App breached by a former employee could affect millions

Posted: April 7, 2022 by Jovi Umawing

In December last year, the customer information of Cash App users was accessed by a former employee of Block, the company behind the popular mobile payment service app. This was revealed in a very recent filingto the Securities and Exchange Commission (SEC), which shows that the former employee accessed and downloaded “certain reports” containing US customer information.

The filing reads:

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.”

Cash App is currently in the process of reaching out to its 8.2 million US users about the breach. That includes current and former Cash App users.

The compromised data contains full names and brokerage portfolio values. The filling explains the latter as “the unique identification number associated with customer’s stock activity on Cash App Investing”.

The document also clarified that compromised data “did notinclude usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, bank account information, or any other personally identifiable information.” Security code, access code, or Cash App account passwords were also not part of the breached data.

According to an email interview with Vice, a Cash App spokesperson said they have already taken remediating steps, and launched an investigation “with the help of a leading forensics firm”.

We have yet to find out exactly how this former employee could still reach assets they should no longer be able to access after separating from their employer. Sadly, incidents like this happen all the time. Multiplestudieshave shown that many organizations’ former employees, regardless of the nature of their termination, can still access not just corporate data but also platforms used by their former employers. Such incidents are not only classified as insider threatincidents, but they are also good examples of many companies having improper offboarding practices.

Cash App can only be used in the US and UK. No UK customers were affected by this breach.

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Jovi Umawing

Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams