HomeContributionsBlock Admits Data Breach Involving Cash App Data Accessed by Former Employee

Block Admits Data Breach Involving Cash App Data Accessed by Former Employee


This article was contributed by Mashum Mollah from blogmanagement.io.

The company Block, formerly known as Square, has recently disclosed a data breach involving one of its former employees. The former employee appears to have downloaded unspecified reports about the Cash App Investing, a bitcoin-enabled financial platform app.

The data accessed was related to U.S. customers. The company stated in an April 4 filing with the U.S Securities and Exchange Commission (SEC):  “While this employee had regular access to these reports as part of their past job responsibilities, in this instance, these reports were accessed without permission after their employment ended.”

Cash App Data Breach

Cash App is advertised by the Block firm as “the easiest way to send money, spend money, save money, and buy cryptocurrency.” The data breach occurred on December 10, 2021. It contained downloaded reports such as:

  • customers’ full names,
  • brokerage account numbers,
  • brokerage portfolio value,
  • brokerage portfolio holdings,
  • stock trading activity.

Data breaches can easily destroy a company’s reputation. However, in the case of Block, there is some good news. According to their reports, the data breach didn’t host personally identifiable information. Usernames, passwords, Social Security Numbers, birth dates, card information, bank account details, or addresses weren’t accessed.

Since the data breach occurred recently, it is still unknown how many people were affected by it. Only U.S. customers appeared to have been targeted. The company has already contacted over 8.2 million current and former clients in their response efforts.

What is also unclear is how the former employee managed to access several records containing customer information. Though the formal investigation is underway, the company has notified law enforcement. They continue to strengthen their administrative and technical safeguards to protect their customer’s private information better.

On a side note, Block appears to be optimistic. They stated that they don’t believe that the incident will negatively impact their operations.

How Data Breaches Ruin Companies & The Importance of Cybersecurity

Data breaches are among the most significant threats online businesses face these days. When a company suffers a data breach, it loses the financial side and its reputation. Apart from this, their productivity levels also drop until their online security is updated.

Some of the biggest data breaches that occurred in recent years and the damages suffered by companies include:

  • The ExPetr/ NotPetya attack in 2017 – $10 billion in loses
  • Epsilon (2011) – $4 billion in loses
  • Mafiaboy Attack (2002) – $1 billion
  • Sonny PlayStation (2011) – $171 million

These are just some random examples, as there are thousands. Ever since the COVID situation forced many to work remotely, cyberattacks have become more common. The numbers continue to grow, and cybersecurity experts are significantly needed.

The most vulnerable point in any organization’s cybersecurity appears to be the employee based on cybersecurity analysis. Many businesses underestimate the value of cybersecurity best practices. They don’t train their employees and don’t raise awareness because they don’t consider that their business will be the subject of an online attack.

How a Company Can Strengthen Its Cybersecurity

Training employees should be a top priority for any business, no matter how small, and the statistics are more than straightforward as to the efficiency of doing so. Here are a couple of tips for companies and individuals on boosting their cybersecurity levels!

Use a VPN

A VPN is a virtual private network that encrypts your network connection. It gives you privacy from your Internet Provider, government, or websites that collect information from your PC. The best VPN providers also have many servers worldwide, allowing you to change your geo-location.

With this feature, you can change your location and gain access to content that might be restricted in your country. The best thing about a VPN is that it can also secure any connection, even when connecting to public WiFi.

Strong Passwords

Companies and individuals may be tempted to use easy-to-remember passwords. However, these types of passwords are usually weak and easy to break. It would be best if you focused on creating strong passwords that include numbers, symbols, and other characters.

To remember such passwords, you may need to use a password manager. It is also advised to change your passwords regularly. Such a practice would have prevented the former employee from Block from accessing client information.

Two-factor authentication is another excellent cybersecurity best practice. It will be the second line of defense in case of a data breach.

Avoid Administrator Profile

When a hacker or virus gets through your defenses and infects your PC, they will wreak havoc on your system. If you are logged into your PC with Administrator privileges, the virus or hacker can also use them.

It is best to create separate profiles, especially for employees, with fewer privileges. If an attack occurs, it might prevent some more serious damage to your system.

About the author

Mashum Mollah is an entrepreneur for Blog Management and a passionate blogger as well. Besides his immense contributions in helping new bae entrepreneurs towards achieving their goals, he also shares sentient blogs regarding his favorite topics such as technology, health, current affairs, and more.


Recent News