EXECUTIVE SUMMARY:

San Francisco-based company Block Inc., previously known as Square, just publicly revealed that its subsidiary, Cash App, experienced a customer data breach on account of a former employee’s unsanctioned actions. Now the company is contacting roughly 8.2 million current and former customers.

The Cash App data breach

The aforementioned data breach information was found in a Securities and Exchange Commission filing, which noted that a former employee downloaded “certain reports” pertaining to the company’s investing platform.

Did Cash App fail to terminate access to the reports upon the employee’s departure from the company, or did the employee use technical maneuvers to break into well-guarded electronic systems?

According to TechCrunch, Block “refused” to answer questions about why a former employee had access to private client data.

Cash App attack impact

At present, Cash App’s Investing platform is reaching out to roughly 8.2 million current and former clients in order to provide information and resources pertaining to the incident.

A spokesperson for Cash App confirmed the breach, noting that information within the exposed reports included names and brokerage account numbers. For some investors, brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day were also exposed within the incident.

Reports indicate that the exposed information did not include usernames, passwords, Social Security numbers, payment card information, addresses, banking information or further personally identifiable information. Investigators say that the breach did not affect any security codes, access codes, or passwords used to gain entry into Cash App accounts.

Remediation efforts

A Cash App spokesperson explained that the company took immediate steps to resolve lingering issues associated with the incident. An investigation involving a forensics team has been launched.

The company states that law enforcement has received proper notification, and that further safeguards to protect information will be put in place shortly.

Insider threat prevention insights

Over the past few years, several serious insider incidents have occurred at major firms, including Tesla, Snapchat and Google. Motivations for insider threats range from revenge to romance to financial gain. The following steps can help your organization avoid insider incidents:

1. Create a comprehensive employee departure procedure. Follow user termination best practices. Ensure that your organization’s Human Resources team is empowered with information about how to provide and retract access to IT environments. Present your legal department with the opportunity to vet these policies. Obtain sign-off from your organization’s CEO.

2. Monitor remote access from all endpoints. Ensure that your organization deploys and correctly configures wireless intrusion prevention and detection systems. In addition, you may wish to consider a mobile data interception system. On a regular basis, conduct reviews of whether or not employees still need certain kinds of remote access.

3. Leverage principles of zero-trust. Provide employees with only the access that they need and avoid giving employees excessive levels of “clearance.” Excess access increases risk in the event of credential theft, since a stolen credential then reaches everything that employee could reach.

4. Within training, include insider threat awareness. While it need not serve as an outsized focal point, insider threat awareness training can help employees spot suspicious physical or electronic behaviors that may indicate a business attack.
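Steps 1 through 3 above all come down to one recurring question: does every access grant still belong to a current employee who needs it? The following Python script, added here as an illustration and not code from the article, Block or Cash App, runs that review over a constructed HR roster and a constructed access-grant export (all names, systems, roles and dates are hypothetical). It flags grants still held by departed staff, grants used after the recorded departure date, remote-access grants that have sat idle past a threshold, and grants that exceed a role's least-privilege baseline.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed sample data (hypothetical, not from the article): an HR roster
# and an access-grant export of the kind an identity provider or report
# repository would produce.

@dataclass(frozen=True)
class Employee:
    user: str
    role: str
    terminated: Optional[date]  # None while still employed


@dataclass(frozen=True)
class Grant:
    user: str
    system: str
    privilege: str
    last_used: date


ROSTER = [
    Employee("alice", "analyst", None),
    Employee("bob", "analyst", date(2022, 1, 15)),   # departed in January
    Employee("carol", "engineer", None),
]

GRANTS = [
    Grant("alice", "investing-reports", "read", date(2022, 4, 1)),
    Grant("bob", "investing-reports", "read", date(2022, 3, 20)),   # used after departure
    Grant("bob", "vpn", "connect", date(2022, 1, 10)),
    Grant("carol", "vpn", "connect", date(2021, 9, 1)),             # idle for months
    Grant("carol", "investing-reports", "export", date(2022, 4, 2)),  # beyond role baseline
]

# Least-privilege baseline: the (system, privilege) pairs each role is expected to hold.
ROLE_BASELINE = {
    "analyst": {("investing-reports", "read")},
    "engineer": {("vpn", "connect")},
}


def orphaned_grants(roster, grants, as_of):
    """Grants still held by people HR recorded as departed on or before as_of.
    Each one is a deprovisioning step that the departure procedure missed."""
    departed = {e.user for e in roster if e.terminated and e.terminated <= as_of}
    return [g for g in grants if g.user in departed]


def post_departure_use(roster, grants):
    """Grants whose last recorded use is after the holder's termination date.
    This is the signal that turns a missed deprovisioning into a likely incident."""
    term = {e.user: e.terminated for e in roster if e.terminated}
    return [g for g in grants if g.user in term and g.last_used > term[g.user]]


def stale_grants(grants, as_of, max_idle_days=90):
    """Grants not used within max_idle_days: candidates for the periodic
    'does this person still need remote access?' review."""
    cutoff = as_of - timedelta(days=max_idle_days)
    return [g for g in grants if g.last_used < cutoff]


def excessive_grants(roster, grants, baseline):
    """Grants held by current employees that exceed their role's baseline."""
    role_of = {e.user: e.role for e in roster if e.terminated is None}
    return [
        g for g in grants
        if g.user in role_of and (g.system, g.privilege) not in baseline.get(role_of[g.user], set())
    ]


def access_review(roster, grants, as_of, max_idle_days=90, baseline=ROLE_BASELINE):
    """One report to run at every offboarding and on a fixed review cadence."""
    return {
        "orphaned": orphaned_grants(roster, grants, as_of),
        "post_departure_use": post_departure_use(roster, grants),
        "stale": stale_grants(grants, as_of, max_idle_days),
        "excessive": excessive_grants(roster, grants, baseline),
    }


if __name__ == "__main__":
    for finding, items in access_review(ROSTER, GRANTS, date(2022, 4, 4)).items():
        for g in items:
            print(f"{finding}: {g.user} {g.system}:{g.privilege} (last used {g.last_used})")
```

In practice the roster comes from the HR system and the grant list from the identity provider's access export or the report repository's audit log; the useful design point is that the "post departure use" check needs the termination date joined against access logs, which is exactly the join an offboarding procedure should make mandatory rather than optional.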

For more information about insider threats, see CyberTalk.org’s past coverage.