Cash App awards $15 million to users following data breach

The settlement is the result of a 2021 data breach. 

What happened

According to IndyStar, the breach initially occurred in December 2021, when a former employee accessed to user information. The employee allegedly accessed various users’ personal information and downloaded the data without the users’ knowledge.  

The lawsuit against Cash App said the breach resulted “in the unauthorized public release of the personally identifiable information of 8.2 million current and former Cash App Investing customers.” 

Going deeper

Block, the financial service company that owns Cash App, filed a report with the U.S. Securities and Exchange Commission on April 4th, 2022. The report stated that the employee had access to the leaked information for his job duties, but the violation took place after the employee was no longer with the company. 

The downloaded data included full names and brokerage account numbers. Some individuals may also have had their brokerage portfolio value downloaded. Notably, no usernames, passwords, Social Security numbers, or bank account information were included in the breach. 

According to the filing, only users of Cash App Investing were impacted.   

What was said

According to the filing, Cash App said it takes “the security of information belonging to its customers very seriously and continues to review and strengthen administrative and technical safeguards to protect the information of its customers.” 

Adam Darrah, director of intelligence services at cybersecurity company ZeroFox, said the incident may not immediately impact customers. “This information by itself is not valuable. It has to be paired with other stuff.” Darrah said the information may make malicious actors better able to break into accounts, which will likely be their endgoal. 

What’s next

Now, Cash App is required to pay out $15 million to users impacted by the security breach. The settlement comes after a class-action lawsuit that claimed Cash App failed to “exercise reasonable care in securing and safeguarding consumer information.” 

Users who had unauthorized or fraudulent withdrawals or transfers from their Cash App account between 2018 and 2024 may be entitled to up to $2,500. Users can also submit a claim for out-of-pocket losses, lost time, and transaction losses. 

The big picture

Accidental disclosures can occur for a variety of reasons, like employees having access to accounts they no longer should. In these cases, organizations should ensure accounts remain secure and protected. 

Users who may have been impacted by the breach and wish to file a claim may go to the security settlement website. 

Related: HIPAA Compliant Email: The Definitive Guide