Security News > 2022 > April > Block claims ex-employee downloaded customer data after leaving firm
A former employee with Block used the digital financial services firm's Cash App products to access and download personal information about US customers in December 2021, the firm has claimed.
In a filing this week with the Securities and Exchange Commission, Block officials alleged the ex-employee on December 10 downloaded reports of the company's Cash App Investing subsidiary.
"Without a strong offboarding process, accounts that should be disabled can easily be missed, leaving them open for abuse by ex-employees. Shared passwords are equally as dangerous, especially if they are not changed immediately after an employee leaves."
It's common for ex-employees to feel entitled to information of customers they worked with or of intellectual property they worked on, so it's incumbent on enterprises to remove access to such data quickly and efficiently when workers leave, Kron said.
It was unclear from the SEC filing how the supposed former Block employee was able to access the reports or who the firm alleges the ex-worker is - the company only said that "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended."
According to the filing, the former employee allegedly downloaded the reports on the same day that the company officially changed its name from Square to Block, creating a single brand for its various products, including Tidal - a music streaming service - Cash App and Square.