A class action lawsuit alleges the company failed to protect the data of over 8.2 million users, stolen by an ex-employee.
Block, a digital payments company co-founded by Twitter’s ex-CEO Jack Dorsey, faced allegations it failed to protect customers’ personal data. According to a class action lawsuit, the company failed to implement adequate security measures. The lawsuit was filed by two users of Cash App, a subsidiary of Block.
The lawsuit relates to a breach that occurred in December 2021, when an ex-employee of Cash App siphoned the personal data of over 8.2 million app users.
According to the breach’s disclosure, the ex-employee could steal Cash App reports that included users’ names and brokerage account numbers. Some reports had brokerage portfolio value.
The plaintiffs allege that as a result of the breach, several unauthorized transactions were made to their Cash App accounts, and the plaintiffs were not reimbursed for the lost funds.
“Because of the Data Breach, Plaintiffs’ and Class members’ Private Information has been compromised, and their financial accounts are no longer secure, including their Cash App Investing portfolio,” reads the lawsuit.
The plaintiffs claim that Block, formerly known as Square, failed to disclose the exact details on how the employee could access their network and if customer data was adequately encrypted.
One of the plaintiffs claims that the breach led to fraudulent purchases on her Cash App account, totaling $50, while another is said to have lost $395 due to the breach.
“The Breach occurred because Defendants failed to take reasonable measures to protect the Private Information it collected and stored. Among other things, Defendants failed to implement data security measures designed to prevent this release of information to former employees,” the lawsuit claims.
The lawsuit came out at the same time as another company founded by Dorsey, Twitter, faced accusations of major security problems threatening its users. Twitter's former head of security, Peiter Zatko, went public saying that employees had wide and poorly tracked internal access to core company software.
More from Cybernews:
Subscribe to our newsletter