In a significant development for millions of Cash App users, the platform has proposed a settlement of US$15 million in response to two notable data security incidents. These breaches, which occurred over the past few years, raised serious concerns about the app’s ability to safeguard sensitive user information. As the deadline to submit claims nears, it is essential for affected individuals to be aware of their potential eligibility and the claims process.
Overview of the First Breach
The first major security incident came to light in December 2021, when a former employee reportedly accessed sensitive information affecting over 8 million accounts. This breach was officially disclosed by Cash App in April 2022, revealing that the compromised data often contained full names, brokerage account numbers, and in some instances, details about users’ investment portfolios. This incident highlighted significant flaws in the security framework supporting Cash App’s brokerage services, questioning the platform’s dedication to protecting user information.
Allegations of Inadequate Security Practices
The second incident involved allegations against Cash App’s parent company, Block, suggesting that it did not implement sufficient security measures for its widely used peer-to-peer payment platform. The plaintiffs in the consolidated class-action lawsuit assert that unauthorized access to Cash App accounts occurred in 2023, facilitated through reused phone numbers. They argue that both Cash App and Block did not handle breach complaints effectively and were slow to respond to reports of fraudulent transactions.
The lawsuit alleges that these security breaches, along with the inadequate responses from both companies, reflect a broader failure to maintain effective security measures designed to protect user accounts. Despite these serious accusations, Cash App and Block have denied any wrongdoing, stating that the proposed settlement is not an admission of liability but rather a means to provide resolution for affected users. Cash App representatives reasserted this stance, which was subsequently covered by The New York Times.
Eligibility and Claims Process
Users who maintained a Cash App account between August 23, 2018, and August 20, 2024, may qualify to submit claims under this settlement. Eligible users can seek reimbursement for up to US$2,500 for out-of-pocket expenses resulting directly from the data breaches. Furthermore, claimants can also account for lost time, with compensation set at US$25 per hour for up to three hours. Those experiencing unreimbursed financial losses are encouraged to include these in their claims.
The clock is ticking, as the deadline to file claims approaches rapidly—submissions must be made via the settlement website by 2 AM ET on November 19. For qualifying individuals, the claims process is designed to be user-friendly, although it requires the collection of documentation supporting any incurred costs related to the breaches. A final court hearing concerning the details of the settlement is scheduled for December 16, which will determine the approval and distribution of funds to claimants.
As the filing deadline looms, eligible Cash App users are urged to act promptly to secure any compensation that may be available to them. Given the substantial implications of the breaches on user privacy and trust, the outcomes of these incidents underscore a critical need for enhanced security protocols within the fintech industry.