Data of More Than 8 Million Cash App Users May Be Compromised
On April 4th, 2022, Block, Inc., formerly known as Square, announced that it had filed a report with the U.S. Securities and Exchange Commission (SEC) concerning a large breach that took place on December 10th, 2021. The breach could involve the data of some 8.2 million present and past Cash App customers. Cash App is a Block financial product and the third-largest person-to-person payment system in the United States. The breach involved only Cash App customers who use the Cash App Investing service, not the mobile payment service, which has more than 44 million users.
IDENTIFY INDICATORS OF COMPROMISE (IOC)
The breach was not the result of external threat actors or a ransomware attack. According to the filed report, a former Block employee downloaded certain reports of Cash App Investing LLC. While the employee did have regular permitted access to these reports during their employment, Block did not disclose how an ex-employee who was no longer affiliated with the company still had access to the reports in question. Block has also not stated how long the former employee has been in possession of company data. Block has emphasized that the reports did not contain any other identifiable information such as Social Security Numbers (SSN), birth dates and addresses, nor did they include financial data such as payment card information or bank account information. While the type of information exposed in the breach was limited, hackers can pair the stolen information with personal information obtained in other attacks to build a full profile of the affected individuals.
CONTAINMENT (If IoCs are identified)
Block has sought the help of outside counsel as well as the assistance of a leading forensics firm to head the investigation into how the breach was able to take place. Law enforcement has been involved, and the company is notifying all applicable regulatory authorities on the matter. Immediately after the announcement, Cash App began contacting those whose information was compromised to alert them of their possible exposure and answer any questions they may have. A Cash App spokesperson stated that the company is continuing to review and strengthen administrative and technical safeguards to protect the information of its customers. While the investigation is not yet completed, company leaders do not believe that the incident will have a material impact on its business operations.
The civil litigation firm Migliaccio & Rathod LLP has initiated a class action investigation into the alleged failure of Block to protect the sensitive data that was compromised in the breach. The firm asserts that due to the extended period between the breach and the company’s notice to affected customers, there is a good chance that the data may have already been fraudulently used.
The incident is a good example of why it is imperative for organizations to manage employee movement and access to sensitive data. Companies should disable the user accounts of all ex-employees at the time of their termination, retirement, resignation or leave of absence. These accounts should also be removed from all security and distribution groups to ensure they do not have access to company resources.
Review your employee access management controls. It is also best practice to keep your data inventory current so that you understand what sensitive data you have, who has access to it, and how it is managed, and can implement the proper safeguards to protect your assets.
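The offboarding control described above can be checked with a recurring reconciliation of HR separation records against a directory export. The following Python code is an added example, not taken from Block's report or from HALOCK; the user names, group names, dates and field names are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the incident). Field names are assumptions.
HR_SEPARATIONS = {            # user -> last day of employment
    "adavis": date(2022, 3, 1),
    "bchen": date(2022, 1, 14),
    "cokafor": date(2022, 2, 1),
}
DIRECTORY = [                 # one row per directory account
    {"user": "adavis", "enabled": True, "groups": ["Investing-Reports"],
     "last_logon": date(2022, 3, 11)},
    {"user": "bchen", "enabled": False, "groups": ["All-Staff-DL"],
     "last_logon": date(2022, 1, 13)},
    {"user": "cokafor", "enabled": False, "groups": [],
     "last_logon": date(2022, 1, 31)},
    {"user": "dlopez", "enabled": True, "groups": ["Investing-Reports"],
     "last_logon": date(2022, 4, 1)},   # current employee, not in HR list
]

def audit_offboarding(separations, directory, as_of):
    """Return {user: [findings]} for separated staff with residual access."""
    findings = {}
    for acct in directory:
        left = separations.get(acct["user"])
        if left is None or left > as_of:
            continue  # still employed as of the audit date
        issues = []
        if acct["enabled"]:
            issues.append("account still enabled")
        if acct["groups"]:
            # Covers both security and distribution group membership.
            issues.append("still in groups: " + ", ".join(sorted(acct["groups"])))
        if acct["last_logon"] and acct["last_logon"] > left:
            days = (acct["last_logon"] - left).days
            issues.append(f"logon {days} days after separation")
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_offboarding(HR_SEPARATIONS, DIRECTORY,
                                          date(2022, 4, 4)).items():
        print(user, "->", "; ".join(issues))
```

A logon recorded after the separation date is the finding to escalate first, since it indicates the residual access was actually used.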
HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.