The Weekly Breach Breakdown Podcast by ITRC - Settle a Score - S5E27

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for August 23, 2024. I’m Alex Achten, Director of Communications & Media Relations of the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast.

Each week, we look at the most recent events and trends related to data security and privacy. Today, I will talk about the recent Cash App data breach settlement. We will discuss what it means for you, but first, let’s look back at what happened that led to Cash App having to settle a lawsuit – or “score,” to quote the title of this podcast.

In 2022, Cash App disclosed that a former employee downloaded reports of some users without permission in 2021. The mobile payment service also noted that another data compromise occurred in 2023, where an unauthorized user accessed some Cash App accounts using phone numbers that were linked to them. CBS News reports that plaintiffs also alleged that Cash App and its parent company, Block, failed to install controls to block unauthorized users and that the company mishandled customer complaints about the compromises and fraudulent transactions.

While Cash App and Block have denied any wrongdoing, this led to a recent $15 million class-action settlement where Cash App and Block agreed to take steps toward strengthening data security. More importantly to customers, people whose accounts were accessed without authorization or who had fraudulent withdrawals or transfers between August 23, 2018, and August 20, 2024, can file a claim for potentially more than $2,500.

I am sure many of you are asking how to file a claim following the Cash App data breach settlement. Visit www.cashappsecuritysettlement.com and click “Submit Claim.” Once on the page, you will need to enter a notice ID and confirmation from a mailed or emailed notice. You can also file a claim if you have not received a notice on the right side of the page. According to the settlement website, each claimant should only submit one claim form. If you have multiple accounts, you should list your $Cashtag identifier, which is unique for each account, and information about your claims on one claim form. Users have until November 18, 2024 to file a claim.

You might be wondering how much money you will get. It depends on how many people file claims. The payouts come from the $15 million from the Cash App data breach settlement. If there is not enough money to pay every approved claim in full, payments will be made on a reduced pro-rata basis.

It is important to remember that you must have third-party documentation to back up your claim for up to $2,500 in reimbursement. Out-of-pocket expenses can include:

• Late or missed payment fees or charges that haven’t been refunded
• Overdraft fees that haven’t been refunded
• Costs for credit monitoring or identity theft insurance, requesting a credit report or a credit freeze
• Costs related to closing a bank account and opening a new bank account
• Costs incurred from canceling a payment card or getting a replacement card

As part of the Cash App data breach settlement, you can claim up to three hours of lost time at $25 per hour and get reimbursed for transaction losses. Just remember those claims also require documentation like a police report.

Filing a claim is not your only option. You can also exclude yourself from the settlement, object to the settlement and/or attend a hearing, or do nothing. You can find all the information on the settlement at www.cashappsecuritysettlement.com.

You can learn more about the Cash App data breach by searching it on the ITRC’s data breach tracking tool, notified. If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, we will have an episode of our sister podcast, the Fraudian Slip, featuring ITRC Chief Operating Officer James E. Lee, discussing how consumers view identity verification in 2024. Lee presented the findings from the ITRC’s latest research project on consumer experiences with application and identity verification processes at our Identivation Summit in May, supported by Socure. We will return in two weeks with another episode of the Weekly Breach Breakdown. I’m Alex Achten. Until then, thanks for listening.