Cash App to pay 15 million in settlement from data breach that impacted 8.2 million customers.
NURPHOTO VIA GETTY IMAGES
Cash App, a leading mobile payment platform under Block Inc., formerly known as Square, is set to pay $15 million in a settlement following a significant data breach. This breach, discovered in December 2021, compromised data belonging to approximately 8.2 million users.
Details of the Breach and Block’s Statement
According to Block’s filing with the U.S. Securities and Exchange Commission, or SEC, the breach occurred when a former employee downloaded reports on December 10, 2021, that contained sensitive customer information, including full names and brokerage account numbers.
For some users, additional data such as portfolio values and trading activity for a single day were also compromised. Critically, the reports did not include highly sensitive details such as passwords, Social Security numbers, card information or banking details.
Block Inc.’s Commitment and Next Steps
Block reiterated its commitment to user data security in its public disclosures, stating that the company has taken steps to strengthen both technical and administrative safeguards following the breach. The company has also reassured stakeholders that while the breach’s investigation continues, its business operations and financial stability are expected to remain unaffected.
As reported by BleepingComputer, a Cash App spokesperson made the following statement:
“At Cash App we value customer trust and are committed to the security of customers’ information. Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. We are also contacting customers whose data was impacted. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”
Eligibility for Compensation
Cash App users affected by the breach who meet these criteria can claim compensation:
User Status
To be eligible for compensation, you must fall under one of the following categories:
- Current Users: If you actively use Cash App or Cash App Investing, you qualify as a current user. This includes anyone who has had recent transactions or maintained an active account profile during the specified period.
- Former Users: Even if you no longer use Cash App or have deactivated your account, you may still be eligible. Former users who had active accounts at any point during the eligibility timeframe are included.
Time Frame of Service Use
The breach encompasses data compromised between August 23, 2018, and August 20, 2024. Your eligibility hinges on whether you used Cash App or Cash App Investing at any point within this nearly six-year period. This window covers:
- Initial Exposure: Users who had accounts or performed transactions around the time when the former employee accessed sensitive information in December 2021.
- Ongoing Use: Individuals who maintained their accounts before or after the breach are also considered, ensuring a comprehensive range of potentially impacted users.
Type of Incident Experienced
Compensation is specifically for users who experienced one of the following:
- Unauthorized Access: If you noticed suspicious activity, such as unauthorized transactions or changes to your account, you might qualify under this category. This could include situations where your account or financial data was accessed without your consent.
- Personal Data Exposure: Even if unauthorized transactions were not observed, users whose personal information was exposed in the breach—such as full names, account numbers, portfolio values, or trading activity—can file a claim. While highly sensitive data like Social Security numbers and banking details were reportedly not compromised, other identifiable details may have still been leaked.
Next Steps for Eligible Users
If you believe you meet these criteria, you should proceed to file a claim through the dedicated settlement portal at cashappsecuritysettlement.com. Ensure you gather any relevant documentation or evidence that supports your claim, such as:
- Correspondence with Cash App about unauthorized access.
- Bank statements showing unauthorized charges.
- Proof of expenses incurred, like credit monitoring services.
The deadline for filing claims is November 18, 2024, so act promptly to secure your compensation. If you received a notification with a Notice ID and confirmation code, have those details ready when submitting your claim.
Lars Daniel is the Practice Leader of Digital Forensics at Envista Forensics. He covers cybersecurity and electronic evidence, focusing on the intersection of technology in legal proceedings and our digital lives. Daniel and his experts have played a crucial role in high-profile cases such as the Casey Anthony, James Holmes, Dylan Roof, Aaron Hernandez and Adnan Syed cases. He has co-authored two books in his field, Digital Forensics for Legal Professionals, published by Elsevier, and Digital Forensics Trial Graphics, published by Academic Press. His expert testimony has been sought in state, federal and international courts. Daniel has taught hundreds of continuing legal education classes and frequently speaks at industry conferences. Follow him to gain insider knowledge on how digital forensics breaks open complex legal cases, shapes our understanding of technology’s role in modern investigations and combats evolving cybercrime threats.
