Often when we think of data breaches, we think of external cyber threat actors utilizing ransomware to make a profit. We rarely think that our own employees could be the culprit of a massive data breach.
The unfortunate reality is that anyone could be a potential threat to data security and that is exactly what happened to Cash App in December of 2021.
On April 4, 2022, Cash App’s parent company Block Inc. disclosed the breach to the Securities and Exchange Commission stating that on December 10, 2021, a former employee gained unauthorized access to information that included current and former customers’ “full names, brokerage account numbers, brokerage portfolio values, brokerage portfolio holdings, and/or stock trading activity for one trading day.”
Other sensitive information such as Social Security numbers, usernames, passwords, and bank account information was not compromised according to Block.
The number of customers affected could be as high as 8.2 million with the former employee having access to these records daily while he was employed.
The company stated that after the employee no longer worked for Cash App, the unnamed individual was not restricted from accessing this information in a timely manner. Block has not stated whether the former employee was terminated or left on their own accord.
Block has taken this data breach very seriously and is working with relevant regulatory agencies and law enforcement to investigate the matter.
The company also stated that “The company takes the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers.
Future costs associated with this incident are difficult to predict… Based on its preliminary assessment and on the information currently known, the company does not currently believe the incident will have a material impact on its business, operations, or financial results.”
Data breaches and other forms of cyber threats are increasing at a rapid rate forcing organizations to rethink their cybersecurity practices. As recent events have shown organizations can no longer only focus primarily on external threats to establish an effective cybersecurity framework but must also examine internal policies and processes to ensure that data is protected.
Cyber threats are a growing concern for organizations of all sizes, and they can greatly impact financial performance as well as significantly damage a reputation. Organizations must make cybersecurity a top focus throughout 2022 to best combat the growing abundance of threat actors.