Cash App, the popular mobile payment platform owned by Block Inc. (formerly Square), has announced a significant settlement of $15 million following a major data breach that exposed the personal information of approximately 8.2 million users. The breach, which was uncovered in December 2021, has raised concerns about data security and user privacy. According to Block’s filing with the U.S. Securities and Exchange Commission (SEC), the breach occurred when a former employee accessed sensitive customer information by downloading reports on December 10, 2021. These reports contained various types of personal data, including full names and brokerage account numbers. In some cases, additional details such as portfolio values and trading activity for a single day were also compromised. However, it is important to note that highly sensitive information, such as passwords, Social Security numbers, card information, or banking details, was not included in the compromised data.
Block has expressed its commitment to enhancing user data security in the wake of this incident. In its public disclosures, the company emphasized that it has implemented additional technical and administrative safeguards to prevent similar occurrences in the future. Furthermore, Block reassured stakeholders that its ongoing business operations and financial stability are expected to remain unaffected by the breach’s investigation. A Cash App spokesperson stated, “At Cash App, we value customer trust and are committed to the security of customers’ information. Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. We are also contacting customers whose data was impacted. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”
Users who were affected by the data breach may be eligible to receive compensation from the settlement. To qualify, individuals must meet specific criteria related to their status as Cash App users, the time frame of service use, and the type of incident they experienced. Eligibility for compensation is based on whether individuals are current or former users of Cash App. Current users are those who actively use Cash App or Cash App Investing, including anyone who has conducted recent transactions or maintained an active account profile during the specified period. Former users, on the other hand, may still be eligible for compensation even if they no longer use Cash App or have deactivated their accounts, provided they had active accounts at any time during the eligibility period.
The data breach affected users who had their data compromised between August 23, 2018, and August 20, 2024. To determine eligibility, individuals must have used Cash App or Cash App Investing at some point during this nearly six-year window. This time frame encompasses users who had accounts or performed transactions around the time the former employee accessed sensitive information in December 2021, as well as individuals who maintained their accounts before or after the breach, broadening the scope of potentially impacted users. Compensation is specifically for users who experienced one or more of the following incidents related to the breach: those who noticed suspicious activity, such as unauthorized transactions or changes to their accounts, may qualify for compensation under this category. Additionally, users whose personal information was exposed in the breach, such as full names, account numbers, portfolio values, or trading activity, can file a claim. While highly sensitive data like Social Security numbers and banking details were reportedly not compromised, other identifiable details may have still been leaked.
Eligible users who believe they meet the criteria for compensation should take immediate steps to file a claim through the dedicated settlement portal at cashappsecuritysettlement.com. To support their claims, users should gather any relevant documentation or evidence, which may include correspondence with Cash App regarding unauthorized access, bank statements that show unauthorized charges, and proof of expenses incurred, such as receipts for credit monitoring services. The deadline for submitting claims is November 18, 2024, so users are urged to act promptly to secure their compensation. Those who received a notification with a Notice ID and confirmation code should have those details ready when filing their claims.
The $15 million settlement by Cash App serves as a reminder of the importance of data security in the digital payment landscape. Users who believe they were affected by this breach should carefully assess their eligibility for compensation and take the necessary steps to file a claim. As the company works to enhance its security measures, users can take solace in the steps being taken to safeguard their personal information in the future.
Leave a comment