As the Cash App breach story unfolds, it is clear why Zero Trust and Least Privilege Access matter. In its SEC disclosure of the breach, Block, Inc. (the parent company) reported:
“it recently determined that a former employee downloaded certain reports… While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.
“The information in the reports included full name and brokerage account number (this is the unique identification number associated with a customer’s stock activity on Cash App Investing), and for some customers also included brokerage portfolio value, brokerage portfolio holdings and/or stock trading activity for one trading day.”
There should be no standing privileged accounts. If you need privileged access you should:
On expiration, or on early check-in, the privileged account's password is scrambled and stored, and the account is disabled until the next valid request.
Turning privileged accounts off is the best way to protect them from hackers.
This type of breach occurs more widely than most people may realize and is a textbook example of why the rapid removal of privileged access during employee terminations is an essential hallmark of strong cybersecurity programs. One of the most common findings in service organization controls (SOC) reports over the last decade has been the absence of timely revocations during employee termination, so Block, Inc. is not alone here. Sadly, with so much industry focus on investments in technology solutions to fend off malware, ransomware, and other external attack vectors, we often overlook the insider threat and the risk from human factors as a predominant cause of security breaches. This example is a stark reminder that network hardening also needs more focus on the inside of an organization, not just against outside threats.
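The check-out, expiry and check-in workflow described above, together with the revocation-on-termination point made in this paragraph, can be modelled in a small broker. The following is an added illustration, not code from the post or from any vendor product; the class names, the two-hour window, the employee ids and the "second approver" rule are assumptions made for the example. The resting state of every privileged account is disabled with a password nobody knows; an approved check-out enables it with a freshly scrambled one-time password for a bounded window; expiry, early check-in or the employee's termination all scramble the password again and disable the account.

```python
"""Just-in-time privileged access broker (constructed example, not the post's code)."""
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def scramble_password(length: int = 32) -> str:
    """Return a fresh random password that no human has seen."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


@dataclass
class PrivilegedAccount:
    name: str
    enabled: bool = False                       # disabled is the resting state
    password: str = field(default_factory=scramble_password)
    checked_out_by: Optional[str] = None
    expires_at: Optional[datetime] = None


class PrivilegedAccessBroker:
    """Privileged accounts that are only enabled during an approved check-out."""

    def __init__(self) -> None:
        self.accounts: Dict[str, PrivilegedAccount] = {}
        self.active_employees: set = set()
        self.audit_log: List[str] = []

    def register_account(self, name: str) -> None:
        self.accounts[name] = PrivilegedAccount(name)

    def register_employee(self, user_id: str) -> None:
        self.active_employees.add(user_id)

    def request_checkout(self, user_id: str, account_name: str, duration: timedelta,
                         approved_by: str, now: datetime) -> str:
        """Enable the account for a bounded window and hand back a one-time password."""
        if user_id not in self.active_employees:
            raise PermissionError(f"{user_id} is not an active employee")
        # Assumed rule for the example: a different, active employee must approve.
        if approved_by == user_id or approved_by not in self.active_employees:
            raise PermissionError("check-out needs approval from another active employee")
        acct = self.accounts[account_name]
        if acct.checked_out_by is not None:
            raise RuntimeError(f"{account_name} is already checked out")
        acct.password = scramble_password()     # credential valid only for this window
        acct.enabled = True
        acct.checked_out_by = user_id
        acct.expires_at = now + duration
        self.audit_log.append(f"{now.isoformat()} CHECKOUT {account_name} by {user_id} "
                              f"approved_by {approved_by} until {acct.expires_at.isoformat()}")
        return acct.password

    def _revoke(self, acct: PrivilegedAccount, reason: str, now: datetime) -> None:
        """Scramble the password and disable the account until the next valid request."""
        acct.password = scramble_password()     # the issued credential is now useless
        acct.enabled = False
        acct.checked_out_by = None
        acct.expires_at = None
        self.audit_log.append(f"{now.isoformat()} REVOKE {acct.name} reason={reason}")

    def check_in(self, account_name: str, now: datetime) -> None:
        """Early check-in: revoke before the window has run out."""
        acct = self.accounts[account_name]
        if acct.checked_out_by is not None:
            self._revoke(acct, "check-in", now)

    def expire_checkouts(self, now: datetime) -> List[str]:
        """Revoke every check-out whose window has elapsed; returns the account names."""
        expired = []
        for acct in self.accounts.values():
            if acct.expires_at is not None and now >= acct.expires_at:
                self._revoke(acct, "expiry", now)
                expired.append(acct.name)
        return expired

    def terminate_employee(self, user_id: str, now: datetime) -> List[str]:
        """Offboarding: block future requests and revoke anything the person holds."""
        self.active_employees.discard(user_id)
        revoked = []
        for acct in self.accounts.values():
            if acct.checked_out_by == user_id:
                self._revoke(acct, f"termination of {user_id}", now)
                revoked.append(acct.name)
        return revoked

    def can_authenticate(self, account_name: str, password: str, now: datetime) -> bool:
        """What the target system would decide: expiry is enforced before the check."""
        self.expire_checkouts(now)
        acct = self.accounts[account_name]
        return acct.enabled and secrets.compare_digest(acct.password.encode(), password.encode())


if __name__ == "__main__":
    broker = PrivilegedAccessBroker()
    for emp in ("alice", "bob"):            # constructed employee ids
        broker.register_employee(emp)
    broker.register_account("reports-admin")
    t0 = datetime(2022, 4, 1, 9, 0, tzinfo=timezone.utc)
    pw = broker.request_checkout("alice", "reports-admin", timedelta(hours=2), "bob", t0)
    print("during window:", broker.can_authenticate("reports-admin", pw, t0 + timedelta(minutes=30)))
    print("after window: ", broker.can_authenticate("reports-admin", pw, t0 + timedelta(hours=3)))
    print("\n".join(broker.audit_log))
```

The point the model makes explicit is that a former employee's "regular access" never survives offboarding: `terminate_employee` both removes the person from the set of valid requesters and revokes any live check-out, and `can_authenticate` enforces expiry before it ever compares a password, so a credential that was valid yesterday is rejected without anyone remembering to revoke it.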