The  Block and Cash App class action lawsuit

A  class action was filed against mobile payments company Cash App Investing and its parent Block over negligent behavior related to the December 2021 data breach that allegedly compromised the personal information of 8.2 million former and current users. The breach resulted from an ex-employee still having access to reports containing users’ full names and brokerage account numbers, according to an April  filing by Block with the Security and Exchange Commission (SEC). The ex-employee had regular access to reports as part of their past job responsibilities. The ex-employee accessed the reports without permission after their employment ended. The company stated that no personally identifiable information such as usernames or passwords, Social Security numbers, date of birth, payment card information, addresses, or bank account information was compromised. However, the downloaded reports contained customers’ full names and brokerage account numbers — unique ID numbers associated with Cash App Investing customers’ stock activity. The class action maintains that data breach victims now face a heightened risk of identity theft and fraud. The lawsuit links the data breach with subsequent thefts from users’ Cash App accounts, with the leading plaintiffs arguing they experienced fraudulent activity on their accounts following the breach. 

https://www.pymnts.com/legal/2022/cash-app-block-accused-of-negligence-in-class-action-over-breach/

USEFUL NOTES FOR:

Description of the data breach (see attached file), including outcomes for the affected organization(e.g., regulatory and financial)

Introduction

The following information is a description of the data breach, including outcomes for the affected organization(e.g., regulatory and financial).

Description of the data breach (see attached file), including outcomes for the affected organization(e.g., regulatory and financial)

A data breach occurred at a major financial services company. The breach affected more than 30,000 accounts and resulted in the theft of personal information (e.g., names, addresses, phone numbers). The stolen data was used by criminals to fraudulently open new accounts and apply for loans against their existing assets.

The impact on the impacted organization was significant: It lost customers who were not able to obtain loans; it suffered reputational damage; it had to pay out money to compensate customers who experienced financial loss due to fraudulent activities by others; it incurred regulatory fines related to publicizing a breach without disclosing all known facts about what happened (as required by law); etc.

You can motivate yourself without being mean to yourself.

You can motivate yourself without being mean to yourself.

You can be kind and still be motivated.

It’s a simple idea, but it works! When we’re feeling down or worried about something, it’s easy to think negatively about ourselves—and then we get more negative feelings in return. But that doesn’t have to be the case! If you focus on something else (like how motivated you are), you’ll feel better almost immediately.

Conclusion

We hope that this brief summary of the data breach has been helpful in providing some context and clarity around what happened. We want you to know that we’re here for you, and we’re committed to ensuring that this doesn’t happen again.

USEFUL NOTES FOR:

Description of the data breach (see attached file), including outcomes for the affected organization(e.g., regulatory and financial)

Introduction

Premera Blue Cross (Premera) is a health insurance company based in Seattle, Washington. The company provides health coverage to people living in Washington, Oregon and Alaska. In May 2014, Premera discovered that it had been hacked and personal information of 11 million customers was stolen.

The data breach of Premera Blue Cross (Premera) occurred between May 2014 and March 2015.

The data breach of Premera Blue Cross (Premera) occurred between May 2014 and March 2015. It was discovered in January 2015 and affected 11 million customers across Washington, Oregon, Alaska and Idaho.

The attacker was unknown at the time of discovery but is believed to be an insider with knowledge of the company’s IT systems.

Attackers were able to access personal information of 11 million Premera customers in Washington, Oregon and Alaska.

The attackers were able to access personal information of 11 million Premera customers in Washington, Oregon and Alaska. They got access to bank account numbers, social security numbers, email addresses and medical names including those for prescriptions.

Attackers got access to bank account numbers, social security numbers, email addresses and medical names including those for prescriptions.

The attackers used a malware to gain access to the data. They got access to bank account numbers, social security numbers, email addresses and medical names including those for prescriptions.

It is unknown how the attackers accessed the company’s network.

It is unknown how the attackers accessed the company’s network. There are several possible scenarios:

• The attackers could have used a phishing attack to obtain access credentials.

• The attackers could have used a brute force attack to break into the network and gain access to sensitive information.

• The attackers could have installed malware on some or all of the affected devices, allowing them to collect additional data from within their environment without needing additional credentials from any other users or systems within their environment (i.e., “zero-day” or “zero week” exploits).

The hack was not detected until January 2015 due to an investigation by the FBI on an attack to Anthem.

The hack was not detected until January 2015 due to an investigation by the FBI on an attack to Anthem. The same tactics were used in both attacks, and the hackers responsible for Premera’s data breach have also been linked to other recent breaches at health insurers including Cigna, Laboratory Corporation of America Holdings (LabCorp) and Epic Systems Corp.

Premera had not detected the breach until January 2015 because many of its systems were out of date or did not comply with industry standards for protecting patient information.

After this investigations, it was discovered that the same tactics were used in both attacks.

After investigating, it was discovered that the same tactics were used in both attacks. The attackers used spear phishing emails to gain access to corporate networks and then used credential stuffing techniques to spread malware across different devices.

To gain access to Premera’s network, the attacker sent an email with a link that appeared legitimate but actually contained malicious content such as an attachment or URL, which would allow them access if clicked on by someone who had been targeted by this particular attack vector. In addition, once inside your network they could use another technique called “reconnaissance” – where they look for information about your organization (e.g., names of employees), check out its infrastructure (e.g., servers), etc…

As a result of this breach, Premera will be required to conduct a third-party audit at their expense and submit a plan that they would follow to prevent future attacks.

As part of the settlement, Premera will be required to conduct a third-party audit at their expense and submit a plan that they would follow to prevent future attacks.

In addition, Premera will need to report the results of this audit and plan for future breaches going forward.

It is important for organizations to take extra measures to protect their customers information

It is important for organizations to take extra measures to protect their customers information.

It is also important that an organization has a plan in place for when an attack occurs.

Any company should have a team of people who are trained to handle data breaches and other cyber attacks on their networks.

An organization should also have a plan for communicating with customers about the breach, including how long it will take them to receive all of the information they need from the company.

Conclusion

As we have seen, the Premera Blue Cross data breach was a serious event that affected 11 million customers. It was able to occur due to an attack on a large health insurer and it shows us how vulnerable our information is today. This incident also highlights how important it is for businesses to take extra measures when protecting their customers’ personal details so they do not fall victim to cybercriminals who are looking for easy prey like these companies do everyday in order steal valuable information from them!