IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Block accused of woefully mishandling data breach affecting 8.2 million users

Class-action lawsuit claims the company took too long to inform customers and failed to provide a sufficient explanation for the breach

Multinational tech firm Block is facing claims that it mishandled a major data breach, and faces a class-action lawsuit over its response time and mitigations to the incident.

The plaintiffs argue that because of a four-month delay between the company learning about the data breach and notifying affected customers, Block is in violation of several pieces of consumer legislation. The complaint cites acts such as the California Customer Records Act, Illinois Consumer Fraud Act, and Texas Deceptive Trade Practices Act.

Related Resource

Future proofing data infrastructure with more performance, scalability, and resiliency

Dell PowerStore

Whitepaper cover with title and text and gold gradient header bannerFree Download

In December, Block learned that one of its former employees had downloaded information on users of the company’s mobile payment service app Cash App. Using the investment service that Cash App offers, the employee was able to access information such as customer names, brokerage account numbers, and trading activity for a specific day.

Around 8.2 million users were advised about the breach four months later in April, when the company made the matter public. The plaintiffs argue that this is an unacceptable amount of time for the company to have waited before acting, and that the information eventually provided did not properly explain the failure in its security.

“Defendants’ notice of the Data Breach was not just untimely but woefully deficient, failing to provide basic details, including but not limited to, how the unauthorized former employee was able to access its networks, whether the Private Information accessed was encrypted or otherwise protected, or how it learned of the Data Breach," the lawsuit contends.

“Even worse, Defendants failed to offer any credit or identity theft monitoring services for Plaintiffs and Class members."

The plaintiffs have also stressed that the breach exposes the security systems Block has in place as inadequate, and that failure to disclose this to its customers amounts to deceptive practice. Several acts of legislation are used to define deceptive practice, such as the Texas Deceptive Trade Practices Act which sets it out as “[r]epresenting that goods or services are of a particular standard, quality or grade, if they are of another”.

Block had stated in April that it spoke to law enforcement following the breach, but failed to provide a material explanation of how a former employee could still access sensitive information.

The plaintiffs argue that they incurred losses and harm to their privacy as a result of the breach, something that could have been avoided if Block had informed them of the breach immediately. This includes “lost time dedicated to the investigation of and attempt to recover the loss of funds and/or cure harm to their privacy”.

Cash App is a popular app for sending money, with an especially active userbase in the US, and over 70 million active customers worldwide in the period 2020-2021. In addition to operating Cash App, Block owns the company Square, which offers card payment hardware and software to businesses, and buy now pay later (BNPL) platform Afterpay, which it acquired in 2021.

IT Pro has approached Block for comment.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

A strategic guide for controlling and securing your data
Whitepaper

A strategic guide for controlling and securing your data

25 Oct 2022
Database and big data security
Whitepaper

Database and big data security

24 Oct 2022
Five common data security pitfalls
Whitepaper

Five common data security pitfalls

21 Oct 2022
Just enough data governance
Whitepaper

Just enough data governance

22 Sep 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022