Block slapped with lawsuit after ex-employee runs off with customer data
Users allegedly lost money as a result of the data breach
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Two people are suingdigital paymentspowerhouse Block and its subsidiary Cash App Investing for allegedly failing to properly protect sensitive personal data in a December 2021 data breach.
As per the lawsuit filed in a federal district in Oakland, California, the two individuals saw “unauthorizedcharges” to their Cash App accounts, and spent many hours trying to fix the problem.
These unauthorized charges came as a result of adata breachin December 2021, when a former employee logged back into Cash App’s systems and downloaded internal reports which held personal information. The data the culprit took includes customers' full names, brokerage account numbers, brokerage portfolio values, brokerage portfolio holdings, and in some cases, stock trading activity for one trading day.
Millions affected
Now, they’re seeking damages, as well as other punishment for the service providers, arguing the company “failed to exercise reasonable care in securing and safeguarding consumer information”. What’s more, they’re claiming the company didn’t notify customers on time, shared too little information about what had happened, and did not offer credit and identity monitoring services.
Block publicly disclosed the incident almost five months after it had happened - in early April 2022. Back then, it said that 8.2 million current and former customers were affected and that it had reached out to notify them of the incident.
Cash App alerts 8 million customers to data breach>Top data breaches and cyber attacks of 2022>Keep your business safe with the best endpoint protection
The lawsuit doesn’t detail exactly how the unwanted charges came to be, or how they link to the December data breach. According toThe Register, when Block first announced the data breach, it said the former employee did not steal usernames or passwords, or other sensitive personal information.
We have reached out to Block for a comment and will update the article if we hear back from the company.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via:The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set
