RISKS

What happened

On April 4, 2022, Block, the company formerly known as Square, said it “recently determined” that a data breach occurred that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers.

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” Block revealed in an April 4 filing with the Securities and Exchange Commission (SEC).

Block stated the breach occurred last year on December 10, 2021, with the downloaded reports including customers’ full names as well as their brokerage account numbers, and in some cases, brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day.

The San Francisco-based company emphasized in the filing that the reports did not feature personally identifiable information (PII) such as usernames or passwords, Social Security numbers (SSNs), dates of birth (DOB), payment card information, addresses, and bank account details.

It’s unknown exactly how many users were impacted by the breach, but Block, which said it discovered the incident only recently, said it’s contacting roughly 8.2 million current and former customers as part of its response efforts.

Why is this important?

According to the 2022 Ponemon Cost of Insider Threats Global Report, insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million. Those include both incidents relating to negligence and also incidents relating to criminal insiders. Disruption or downtime and technology (which includes the amortized value and the licensing for software and hardware that are deployed in response to insider-related incidents) represent the most significant costs when dealing with insider incidents.

What does this mean to me?

It’s important to have a Risk Management Program in place to proactively identify and address insider threats before they result in a potential breach. The program should cover not just current employees but also departing ones, with an offboarding checklist that closes off any access they may have to systems after they depart.
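
One way to check that offboarding actually closed off access is sketched below. This is an added example, not code from Block or HALOCK. It cross-references HR termination times against the account directory and a report-download log to flag accounts still enabled after termination and any access that happened after it. The record layouts, account names, log format and all sample values are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data (not from the incident): HR offboarding records,
# account directory state, and report-download log lines.
HR_TERMINATIONS = {  # employee_id -> termination time (UTC)
    "e1001": datetime(2024, 2, 29, 17, 0, tzinfo=timezone.utc),
    "e1002": datetime(2024, 3, 15, 17, 0, tzinfo=timezone.utc),
}
ACCOUNTS = [  # one employee may own several accounts
    {"account": "jdoe", "employee_id": "e1001", "enabled": False},
    {"account": "jdoe-reporting", "employee_id": "e1001", "enabled": True},
    {"account": "asmith", "employee_id": "e1002", "enabled": True},
]
ACCESS_LOG = """\
2024-02-28T14:02:11Z jdoe-reporting DOWNLOAD daily_holdings.csv
2024-03-10T03:41:57Z jdoe-reporting DOWNLOAD daily_holdings.csv
2024-03-10T09:15:00Z asmith DOWNLOAD daily_holdings.csv
malformed line
"""

def parse_log(text):
    """Yield (timestamp, account, action, resource); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts.replace(tzinfo=timezone.utc), parts[1], parts[2], parts[3]

def audit(terminations, accounts, log_text, now):
    """Return (accounts still enabled after termination, accesses after it)."""
    owner = {a["account"]: a["employee_id"] for a in accounts}
    # Offboarding gap: owner already terminated, account still enabled.
    stale = sorted(a["account"] for a in accounts
                   if a["enabled"] and terminations.get(a["employee_id"], now) < now)
    # Any logged access by a terminated employee's account after the cutoff.
    late = [(ts.isoformat(), acct, res) for ts, acct, _, res in parse_log(log_text)
            if owner.get(acct) in terminations and ts > terminations[owner[acct]]]
    return stale, late

if __name__ == "__main__":
    stale, late = audit(HR_TERMINATIONS, ACCOUNTS, ACCESS_LOG,
                        now=datetime(2024, 3, 11, tzinfo=timezone.utc))
    print("enabled after termination:", stale)
    print("access after termination:", late)
```

The secondary account `jdoe-reporting` is the case an offboarding checklist tends to miss: the primary login was disabled, but a second account tied to the same employee stayed enabled and was used after the termination time.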

APPROACHES

Helpful Controls

  • User and Entity Behavior Analytics
  • Data Loss Prevention (DLP)
  • Privileged Access Management (PAM)
  • Endpoint Detection and Response (EDR)
  • Insider Threat Management (ITM)

Commonality of attack

High

Article on story

Block Admits Data Breach Involving Cash App Data Accessed by Former Employee
