Court Grants Preliminary Approval for Cash App Data Breach Settlement
The recent developments surrounding the Cash App data breach have culminated in preliminary approval from the court for a settlement, with the official claim form now made available under judicial supervision. Individuals who are part of the affected class are encouraged to review the settlement details to initiate their compensation claims.
In a significant legal action, plaintiffs initiated two separate complaints against Block and Cash App Investing, which evolved into a consolidated class action lawsuit. The allegations center on the defendants’ failure to adequately safeguard customer information following data security incidents that transpired in 2022 and 2023. Specifically, the lawsuit points to unauthorized access of customer accounts by a former employee, followed by a subsequent incident in 2023 where third parties exploited recycled phone numbers to infiltrate Cash App accounts. Plaintiffs contend that the companies ignored complaints from customers regarding fraudulent transactions, further exacerbating the situation.
While the defendants deny any wrongdoing, they have opted to settle the lawsuit with a fund totaling $15 million. Class members, who have experienced inconveniences due to the breach, must file their claims by the deadline of November 18, 2024, as established by the Settlement Administrator.
It is imperative for affected individuals to note key dates related to the settlement process. These include the deadline for claims submissions, set for November 18, 2024, as well as the cutoff date for opting out or objecting to the settlement, which falls on November 1, 2024. The final hearing to approve the settlement is scheduled for December 16, 2024.
Eligibility for filing a claim is primarily extended to current or former customers of Cash App or its subsidiaries who had their personal information accessed without consent, particularly during the class period spanning from August 23, 2018, to August 20, 2024. Individuals who experienced unauthorized transactions or suspicious activity in their accounts during this timeframe may qualify for compensation.
The $15 million settlement fund will first cover expenses such as attorney fees, service awards for class representatives, and administrative costs before distributing the remaining funds to eligible class members with valid claims. Compensation may cover out-of-pocket losses incurred as a result of the breaches—claims can be submitted for costs related to credit monitoring, identity theft insurance, and various other financial inconveniences.
Furthermore, claimants are entitled to compensation based on the time spent addressing issues stemming from the security incidents. Each eligible claimant can receive reimbursement for up to three hours of their time spent navigating the repercussions of these breaches at a rate of $25 per hour. Those who suffered monetary losses from the 2022 breach can seek compensation contingent on documentation, such as police reports or complaints to the defendants.
Given that Cash App operates within a dynamic digital financial landscape, this incident highlights significant vulnerabilities in customer data security and access controls. Although the defendants maintain their assertion of no wrongdoing, the incident underscores critical themes in cybersecurity, including the methodologies for initial access and privilege escalation as outlined by the MITRE ATT&CK framework. Potential adversary tactics could include exploitation of user credentials and gaining unauthorized access through manipulated contact information.
As class members prepare to navigate the claims process, it remains crucial to submit all necessary documentation by the stipulated deadline to ensure the potential for financial redress following this data breach. Efforts to resolve these security concerns reflect broader risks pervasive in the fintech sector, providing a crucial reminder for businesses to continuously evaluate and strengthen their data protection strategies.