skip to main content

Jack Dorsey’s Payments Company Block Is Sued For ‘Negligent’ Security After Breach Of 8.2 Million Users’ Data

Forbes

On the same day a former security chief blew the whistle on what he alleged were “egregious” security failings at Twitter, a lawsuit was filed claiming that another business founded by billionaire Jack Dorsey was also “negligent” in protecting user data. Block, Inc., which owns Cash App and Square payments technologies, was sued in a class action on Tuesday related to a December 2021 breach of Cash App Investing, in which 8.2 million users’ data was stolen by an employee who still had access to company reports even after they departed.

The lawsuit’s central allegation is that the employee was able to take the data because of poor security practices. According to Block’s disclosure of the hack in April 2022, the ex-staffer was able to grab reports from Cash App Investing, Cash App’s investing feature allows users to easily buy and sell stocks through the popular payment tool. The reports included users’ full name and brokerage account number—a unique identification number associated with a customer’s stock activity. For some customers, the leaked data also included brokerage portfolio value, holdings and stock trading activity for a single trading day. No passwords or Social Security numbers were lost.

The lawsuit is now linking this data breach with subsequent theft from users’ Cash App accounts. Two Cash App Investing users, who are the class action’s main plaintiffs argue that after the breach, users were subjected to “a wide range of fraudulent activities” on their Cash App accounts.

One of the plaintiffs, Michelle Salinas, a user from Texas, said she had multiple fraudulent transactions on her Cash App account following the December 2021 incident, all of them for Amazon purchases that totaled $50. She said she had not been reimbursed by Block. Another plaintiff, Chicagoan Raymel Washington, said he had seen nearly $395 in unauthorized transactions occurring on his Cash App in June 2022. He, too, was unable to get money back from Cash App, according to the suit.

However, the suit does not provide evidence linking those thefts directly to the 2021 hack. According to Vice, other Cash App users have come up against the same problems after their accounts were hacked.

Source