移动付款服务现金应用程序已在访问敏感的客户数据后遭受数据泄露。
该服务背后的公司(以前是广场)本周早些时候向美国证券交易委员会(SEC)报告了这一事件。
在文件中,该公司解释说,该人被允许作为其过去工作职责的一部分访问此数据,但是当他们离开的那一刻时,该访问应该被禁止。到目前为止,Block拒绝解释为什么员工仍然能够访问数据。
你可能喜欢
顶级数字贷款公司安全滑道将3600万用户处于危险之中的数据
Zapier告诉客户他们的数据可能已访问
顶级门票转售平台受数据泄露打击 - 超过500,000个客户记录在线泄漏
Techradar需要您!
我们正在研究读者如何使用具有不同设备的VPN,以便我们可以改善内容并提供更好的建议。这项调查不应花费超过60秒的时间。感谢您参加。
>>单击此处在新窗口中开始调查 <<
Personally identifiable information
The motive behind the exfiltration is unclear, but we know the person took customers' full names and brokerage account numbers, and in some cases, brokerage portfolio value, brokerage portfolio holdings, and stock trading data.
Usernames, passwords and other identity-related information were not accessed, it was said.
Block also refrained from revealing the number of customers affected, but did say it was reaching out to more than eight million current and former customers about the breach. All of them reside in the United States.
“At Cash App we value customer trust and are committed to the security of customers’ information,” a spokesperson told TechCrunch.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
“Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information.”Read more
> Most companies are clueless when it comes to stopping insider threats
> 处理对您的混合动力劳动力的威胁
>如何检测和防御内幕威胁
本周早些时候,Imperva的网络安全专家发表了一份新报告,该报告表明大多数公司未能尽可能地认真对待内部威胁。
根据对500名安全专业人员的调查,该报告表明,公司通常会低估内部人员构成的威胁程度,这一结论可能是现金应用程序违规所加强的。
根据Imperva的说法,企业需要在其整体数据保护策略中增加内部风险,并建立一个结合多个工具的多样化的内幕威胁检测系统。确切地知道谁在市场上访问哪些数据以及市场上的最佳身份管理解决方案
通过TechCrunch
