As the Cash App breach story unfolds, it is clear why Zero Trust and Least Privilege Access matter. In its SEC disclosure of the breach, Block, Inc. (Cash App's parent company) reported:
“it recently determined that a former employee downloaded certain reports… While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.
“The information in the reports included full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.