Cash App will pay $15 million for data breach. Are you eligible?

Cash App, the leading mobile payments platform run by Block Inc., formerly known as Square, must pay $15 million in compensation for a serious data breach. This breach, discovered in December 2021, compromised data belonging to approximately 8.2 million users.

Details of the violation and Block’s statement

According to Block’s filing with the U.S. Securities and Exchange Commission (SEC), the violation occurred when a former employee downloaded reports on December 10, 2021, containing confidential client information, including full names and brokerage account numbers.

For some users, additional data such as portfolio value and single-day trading activity were also compromised. Crucially, the reports did not include sensitive data such as passwords, Social Security numbers, card information or bank details.

Block Inc.’s obligations and next steps

Block has reiterated its commitment to the security of user data in its public statements, saying the company has taken steps to strengthen both technical and administrative security measures following the hack. The company also assured stakeholders that while the investigation into the hack continues, its business operations and financial stability are expected to remain unchanged.

As reported by BleepingComputer, a Cash App representative issued the following statement:

“At Cash App, we value customer trust and are committed to ensuring the security of customer information. Following discovery, we took steps to correct the issue and began an investigation with the help of a leading forensics firm. We know how these reports were accessed. and we notified law enforcement. We are also contacting customers whose data has been affected. In addition, we continue to review and strengthen administrative and technical measures to protect information.”

Right to compensation

Cash App users affected by the breach and meeting these criteria may seek compensation:

User status

To be eligible for compensation, you must fall into one of the following categories:

• Current users: If you are actively using Cash App or Cash App Investing, you qualify as a current user. This includes anyone who has recently made transactions or maintained an active account profile during the specified period.
• Former users: Even if you no longer use Cash App or have deactivated your account, you may still be eligible to participate. Included are former users who had active accounts at any time during the eligibility period.

Service usage period

The breach covers data compromised between August 23, 2018 and August 20, 2024. Your eligibility depends on whether you used Cash App or Cash App Investing at any point during this nearly six-year period. This window covers:

• Initial impact: Users who had accounts or transactions around the time the former employee gained access to sensitive information in December 2021.
• Constant use: Individuals who maintained their accounts before or after the breach are also included, ensuring a wide range of potentially affected users.

Type of incident that occurred

The compensation is specifically for users who experience one of the following situations:

• Unauthorized access: If you notice suspicious activity, such as unauthorized transactions or changes to your account, you may fall under this category. This may include situations where your account or financial data has been accessed without your consent.
• Disclosure of personal data: Even if unauthorized transactions were not detected, users whose personal information was exposed in a hack, such as full names, account numbers, portfolio values, or trading activity, may file a claim. While sensitive data such as Social Security numbers and bank details were not reported to have been compromised, other identifiable data may still have been exposed.

Next steps for eligible users

If you believe you meet these criteria, you should file a claim through the dedicated settlement portal at Cashappsecuritysettlement.com. Make sure you have collected all relevant documentation or evidence to support your claim, for example:

• Correspondence with Cash App about unauthorized access.
• Bank statements showing unauthorized payments.
• Proof of expenses incurred, such as credit monitoring services.

The deadline to file claims is November 18, 2024, so act quickly to receive compensation. If you received a notification with a Notification ID and Verification Code, please have this information ready when you file your claim.