Jack Dorsey-led fintech company Block confirmed this week that an employee was behind a data breach of Cash App, one of its subsidiaries. Formerly known as Square, Block didn’t reveal precisely how many of its customers were impacted but said it is apprising 8.2 million existing and former customers about the security incident.
Cash App is available only in the U.S. and the U.K., but the incident only impacts the former. The financial services and digital payments company is designed to allow seamless peer-to-peer money transfer, stock investments, and bitcoin purchasing. Block clarified that only stock activity was impacted.
In its Form 8-KOpens a new window filing with the Securities and Exchange Commission (SEC), Block stated that full names and brokerage account numbers (a unique identification number associated with a customer’s stock activity) were compromised. Additionally, some customers’ brokerage portfolio value, holdings, and/or stock trading activity for one trading day were also affected.
However, no usernames or passwords, social security numbers, dates of birth, payment card information, addresses, bank account information, or personally identifiable information were compromised. Neither were security codes, access codes, or passwords used to access Cash App accounts, Block said.
“A former employee downloaded certain reports of its subsidiary Cash App Investing LLC (‘Cash App Investing’) on December 10, 2021 that contained some U.S. customer information,†the company said. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.â€
The risk from insiders, or employees, to organizational and customer data has been rising amid the switch to hybrid work. Code42 discovered as an employee leaves the organization, so does sensitive organizational data such as source code, patent applications, and customer lists.
A Randstad surveyOpens a new window from November 2021 found out that 56% of professionals are looking for a new job, either for work-life balance, unwilling to go back to business as usual, change in professional goals, etc.
And if disgruntled, these employees who are more often than not privy to an organization’s data may exfiltrate it before resigning or terminating the relationship with the organization. Block didn’t mention if their former employee had a bone to pick with them, but they certainly had the drive, the access, and the skills to depart with company data.
See More: Is an Employee Resigning? Chances Are They’re Taking Some Company Data With Them
The employee’s conduct is similar to that of a Super Malicious Insider. DTEX Systems describes this person as “a technically proficient employee who is acutely aware of an organization’s cyber security architecture, solutions, and processes and who understands both the technical and human analyst limitations in detecting insider threat indicators.â€
DTEX Systems detected a 72% surge in actionable insider threat incidents between 2020 and 2021. IP and other data theft contributed the highest at 42% of all the occurrences. “If any company thinks they don’t have an insider risk problem, they aren’t looking,†said Rajan Koo, the chief customer officer at DTEX Systems.
“The addition of the super malicious persona in this year’s report provides a wake-up call that traditional cyber security tools, such as DLP, UBA, and UAM, are actively being avoided or circumvented by those with sufficient technical skill and malicious intent.â€
Motivations for a Super Malicious Insider could be financial, gaining the favor of a future employer (who could very well be a competitor), revenge, or simply criminal collaboration.
Block said they learned about the compromise, which happened on December 10, 2021, only “recently,†thus validating that insider threats may take longer to be discovered.
“Upon discovery, the Company and its outside counsel launched an investigation with the help of a leading forensics firm,†Block stated. “Cash App Investing is contacting approximately 8.2 million current and former customers to provide them with information about this incident and sharing resources with them to answer their questions.â€
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!