Data of More Than 8 Million Cash App Users May Be Compromised
DESCRIPTION
On April 4th, 2022, Block, Inc., formerly known as Square, announced that it had filed a report with the U.S. Securities and Exchange Commission (SEC) concerning a large breach which took place on December 10th, 2021. The breach could involve the data of some 8.2 million present and past Cash App customers. Cash App is a Block financial product. It is the third largest person-to-person payment system in the United States. The breach only involved Cash App customers who use the Cash App Investing service, and not the mobile payment service that has more than 44 million users. The personal data that was compromised included the full name and brokerage number of each person. Current customers’ information that was exposed included the value of their brokerage account and brokerage portfolio holdings as well as the stock trading activity of those who had actively traded stocks that day. Block assures that no passwords were exposed in the breach. The breach was limited to U.S.-based customers only.
IDENTIFY INDICATORS OF COMPROMISE (IOC)
The breach was not a result of external threat actors or a ransomware attack. According to the filed report, a former Block employee downloaded certain reports of Cash App Investing LLC. While the employee did have regular permitted access to these reports during the tenure of their employment, Block did not disclose how an ex-employee who was no longer affiliated with the company still had access to the reports in question. They have also not stated how long the employee has been in possession of company data. Block has emphasized that the reports did not contain any other identifiable information such as Social Security Numbers (SSN), birth dates and addresses, nor did they include financial data such as payment card information or bank account information. While the type of information exposed in the breach was limited, hackers can pair the stolen information with the personal information obtained in other attacks to complete a full profile on the affected individuals.
CONTAINMENT (If IoCs are identified)
Block has sought the help of outside counsel as well as the assistance of a leading forensics firm to head the investigation on how the breach was able to take place. Law enforcement has been involved, and the company is notifying all applicable regulatory authorities on the matter. Immediately after the announcement, Cash App began contacting those whose information was compromised to alert them of their possible exposure and answer any questions they may have. A Cash App spokesperson stated that the company is continuing to review and strengthen administrative and technical safeguards to protect the information of its customers. While the investigation is not yet completed, company leaders do not believe that the incident will have a material impact on its business operations.
LEGAL RAMIFICATIONS
The civil litigation firm Migliaccio & Rathod LLP has initiated a class action investigation into the alleged failure of Block to protect the sensitive data that was compromised in the breach. The firm asserts that due to the extended period between the breach and the company’s notice to affected customers, there is a good chance that the data may have already been fraudulently used.
PREVENTION
The incident is a good example of why it is imperative for organizations to manage employee movement and access to sensitive data. Companies should disable the user accounts of all ex-employees at the time of their termination, retirement, resignation or leave of absence. These accounts should also be removed from all security and distribution groups to ensure they do not have access to company resources. A data loss prevention (DLP) policy may have helped to prevent this attack as well. DLP policies are designed to restrict users from performing prohibited actions that involve sensitive data. This includes the copying, pasting or transmission of data. It also prevents users from saving information to personal or unauthorized devices. DLP monitoring flags and logs any of these prohibited actions to inform internal security personnel. While the ex-employee in this case did have authorization to access the data as part of their job, the incident is a reminder of the importance of enforcing the principle of least privilege (PoLP) across your enterprise. The PoLP ensures that users only have access to the exact resources they need to do their job. Third-party security experts are advising all Cash App users to reset their passwords at their earliest convenience.
Review your employee access management controls. It is also best practice to keep your data inventory current so that you understand what sensitive data you have, who has access to it, and how it is managed, and can implement the proper safeguards to protect your assets.
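One way to run the offboarding review described above, as an added example (not code from HALOCK or Block): the script reconciles an HR separation list against a directory export and a report-download audit log, and flags separated users whose accounts are still enabled, who remain in groups, or who accessed data after their separation date. All usernames, group names, field names and dates are constructed sample data.

```python
from datetime import datetime

# Constructed sample inputs (assumed export formats, not real data).
HR_SEPARATIONS = {"adavis": "2024-03-01", "bchen": "2024-03-15", "dpatel": "2024-04-30"}
DIRECTORY = [
    {"user": "adavis", "enabled": True, "groups": ["investing-reports", "all-staff"]},
    {"user": "bchen", "enabled": False, "groups": []},
    {"user": "cortiz", "enabled": True, "groups": ["investing-reports"]},
    {"user": "dpatel", "enabled": True, "groups": ["investing-reports"]},
]
AUDIT_LOG = [
    {"ts": "2024-02-28T14:02:00", "user": "adavis", "action": "report_download"},
    {"ts": "2024-03-10T09:15:00", "user": "adavis", "action": "report_download"},
    {"ts": "2024-03-10T10:00:00", "user": "cortiz", "action": "report_download"},
]


def end_of_access(date_str):
    """Access is expected to end at the close of the separation day."""
    return datetime.fromisoformat(date_str + "T23:59:59")


def audit_offboarding(separations, directory, audit_log, as_of):
    """Return (user, finding, detail) tuples for users separated before as_of."""
    now = datetime.fromisoformat(as_of)
    # Ignore separations that have not taken effect yet (e.g. notice periods).
    cutoff = {u: end_of_access(d) for u, d in separations.items()
              if end_of_access(d) <= now}
    findings = []
    for acct in directory:
        user = acct["user"]
        if user not in cutoff:
            continue
        if acct["enabled"]:
            findings.append((user, "account_still_enabled", separations[user]))
        for group in acct["groups"]:
            findings.append((user, "residual_group_membership", group))
    for event in audit_log:
        user = event["user"]
        if user in cutoff and datetime.fromisoformat(event["ts"]) > cutoff[user]:
            findings.append((user, "access_after_separation", event["ts"]))
    return findings


if __name__ == "__main__":
    for finding in audit_offboarding(HR_SEPARATIONS, DIRECTORY, AUDIT_LOG, "2024-03-20"):
        print(finding)
```

Run on a schedule against fresh exports, any `access_after_separation` finding is the one to escalate first, since it means data was reached after the account should have been disabled.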
HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.