Block Cash App 8.2 Million Customers’ Data Breached – Experts Reactions

Cybersecurity experts commented on the news of the Cash App data breach.

Experts Comments

April 07, 2022
Erfan Shadabi
Cybersecurity Expert
comforte AG

The data breach incident that Block disclosed about a former employee who downloaded highly sensitive customer information accentuates the threat posed by the “inside job.” We often focus on threat actors working on the outside of our perimeters trying to get into the enterprise environment and thereby compromise data, but people on the inside have a leg up because usually, they have some access to the internal network environment and IT resources.

What we learn from such incidences is that our focus should be on protecting the data itself. Consider more data-centric methods of protection such as tokenization or format-preserving encryption, which obfuscate sensitive (and valuable) information no matter who has access to it. Businesses should also adopt security stances like Zero Trust, which denies implicit trust to users, devices, and other entities regardless of their location within the network. Don’t trust and always verify!

April 07, 2022
Raj Dodhiawala
President
Remediant

While investigations of the Cash App breach are underway, leaving many unanswered questions on the 'how' this happened -- it's actually not as shocking to hear that it has, as some may think. In fact, there are numerous ways that this could have occurred, one of which is due to unrecognized privilege sprawl -- a factor that all companies should have top of mind.

Privilege sprawl is the always-on, always-available administrative access. It occurs when administrative, or special rights to a system, have been over-provisioned and granted to too many people within an organization.  

Company admins need access of course, but the 24x7x365 standing privileges that come with the 'always-available' approach are what get companies into hot water today, compounded by access that isn't de-provisioned when it really should, as the breach with the Cash App illustrates. Whether related to lax procedures, a lack of consistent oversight, or the fear of causing disruption to established processes, the proper de-provisioning or termination of privileged access is often neglected or mismanaged, including when a person exits a company.

Unfortunately, this is an issue growing in the dark of companies, quietly amassing to significant proportions and key to successful lateral movement attacks, which they don't even realize until it's too late.

For those looking to address privilege sprawl, it's important that they implement a 'Just-in-Time' approach with multi-factor authentication (MFA). This grants privileges only as needed for a set amount of time, and minimizes the sprawl that ultimately exposes companies to potential breaches.

April 07, 2022
Chris Hauk
Consumer Privacy Champion
Pixel Privacy

The CashApp data breach reminds us that many data breaches are an inside job. Disgruntled employees sometimes decide to download and steal company and customer data as revenge, or they are enticed into stealing data by financial offers from outside bad actors. Companies need to immediately revoke any former employee's access to data as soon as the employee's employment ends. Failing to revoke a former employee's access can lead to stolen data or other fraud.
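The two controls raised in the comments above, time-boxed "Just-in-Time" grants gated on MFA and revocation when employment ends, sketched as an added example; it is not code from the article or from any quoted expert. `AccessBroker`, `Grant`, the user names and the `reports-db` resource are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Grant:
    user: str
    resource: str
    expires_at: Optional[datetime]  # None = standing (always-on) privilege

class AccessBroker:
    """Hypothetical JIT access broker; not any real product's API."""
    def __init__(self, max_ttl=timedelta(hours=4)):
        self.max_ttl, self.grants, self.offboarded = max_ttl, [], set()

    def request(self, user, resource, ttl, mfa_verified, now):
        # JIT rule: no MFA, no grant; every grant gets a capped lifetime.
        if not mfa_verified or user in self.offboarded:
            return None
        grant = Grant(user, resource, now + min(ttl, self.max_ttl))
        self.grants.append(grant)
        return grant

    def offboard(self, user):  # revoke when employment ends, not at the next review
        self.offboarded.add(user)
        self.grants = [g for g in self.grants if g.user != user]

    def is_allowed(self, user, resource, now):
        # Evaluated on every access; standing and expired grants fail closed.
        return user not in self.offboarded and any(
            g.user == user and g.resource == resource and g.expires_at is not None
            and now < g.expires_at for g in self.grants)

    def audit(self, now):
        # Report privilege sprawl: standing grants and expired ones not yet purged.
        return [("standing" if g.expires_at is None else "expired", g.user, g.resource)
                for g in self.grants if g.expires_at is None or g.expires_at <= now]

def demo():
    t0 = datetime(2022, 4, 1, 9, 0)  # constructed sample data throughout
    b = AccessBroker()
    b.grants.append(Grant("legacy_admin", "reports-db", None))  # imported standing right
    b.request("alice", "reports-db", timedelta(hours=1), True, t0)
    during = b.is_allowed("alice", "reports-db", t0 + timedelta(minutes=30))
    after = b.is_allowed("alice", "reports-db", t0 + timedelta(hours=2))
    findings = b.audit(t0 + timedelta(hours=2))
    b.offboard("alice")
    late = b.request("alice", "reports-db", timedelta(hours=1), True, t0 + timedelta(hours=5))
    return during, after, findings, late
```
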

April 07, 2022
Lamar Bailey
Senior Director of Security Research
Tripwire

Insider threats are a risk that does not get enough attention. Disgruntled or negligent employees can have a big impact on security. Organizations must limit access to what is specifically necessary for the role, put in audits for access, and tools to limit data leakage. If the data is important to you, it is important to an attacker too.
