The breach at Cash App, where a former employee accessed customer data without authorisation, demonstrates a critical vulnerability many organisations face today: insider threats. While external hacks often make headlines, insider incidents can be equally damaging and sometimes harder to detect.

The Cash App breach involved a former employee downloading reports that contained sensitive customer information. These reports included customers' full names, brokerage account numbers, and for some, detailed brokerage portfolio values, holdings, and stock trading activity for one day. Importantly, the breach did not include usernames or passwords, Social Security numbers, birthdates, payment card information, addresses, or bank account details.

Cash App responded by notifying affected customers and authorities, starting a forensic investigation, and reinforcing their security measures to prevent future incidents. The incident highlighted the need for comprehensive monitoring of employee access to sensitive data, especially after their employment ends, to mitigate the risk of data breaches.

Insider risk management platforms such as ShadowSight could have been instrumental in preventing the Cash App breach. These platforms function by establishing baselines of normal access behaviours and then continuously monitoring for deviations from these patterns. For instance, ShadowSight could have identified the former employee’s attempt to download sensitive reports as an anomaly, particularly since the action occurred after their employment term had ended.

ShadowSight also enables near real-time alerts, which can prompt immediate action to investigate potential security violations. This quick response is critical in detecting the actual exfiltration of data and minimising its extent. The technology underpinning ShadowSight includes machine learning algorithms that adapt over time, improving the system's ability to discern between benign anomalies and potential threats.
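The two checks described above, access after employment has ended and deviation from a user's own baseline, can be sketched over report-download logs as follows. This is an added example, not ShadowSight's implementation or data from the incident; the usernames, report names, log fields and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data (assumption): HR offboarding dates and download logs.
TERMINATED = {"u_former": datetime(2024, 3, 1)}
EVENTS = [  # (timestamp, user, report, rows_downloaded)
    ("2024-02-01T09:10", "u_former", "daily_positions", 120),
    ("2024-02-02T10:00", "u_active", "daily_positions", 200),
    ("2024-02-08T09:05", "u_former", "daily_positions", 110),
    ("2024-02-09T10:00", "u_active", "daily_positions", 210),
    ("2024-02-15T09:20", "u_former", "daily_positions", 130),
    ("2024-02-16T10:00", "u_active", "daily_positions", 190),
    ("2024-02-23T10:00", "u_active", "daily_positions", 205),
    ("2024-03-10T23:40", "u_former", "customer_holdings", 5000),
    ("2024-03-12T02:15", "u_active", "customer_holdings", 9000),
    ("2024-03-13T10:00", "u_active", "daily_positions", 195),
]

def detect(events, terminated, z=3.0, min_history=3):
    """Return (timestamp, user, reason) alerts, oldest first."""
    history = defaultdict(list)  # per-user baseline of past download sizes
    alerts = []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, user, _report, rows in ordered:
        end = terminated.get(user)
        # Rule 1: any access on or after the offboarding date is a violation.
        if end is not None and datetime.fromisoformat(ts) >= end:
            alerts.append((ts, user, "access_after_termination"))
            continue
        past = history[user]
        # Rule 2: volume far above this user's own baseline (needs history).
        if len(past) >= min_history:
            # Floor the spread at 1.0 so a perfectly flat history still works.
            limit = mean(past) + z * max(pstdev(past), 1.0)
            if rows > limit:
                alerts.append((ts, user, "volume_above_baseline"))
                continue  # keep anomalies out of the baseline
        past.append(rows)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, TERMINATED):
        print(alert)
```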

The Cash App incident should serve as a wake-up call for organisations to bolster their insider threat detection capabilities. Enhanced monitoring and control measures, such as those provided by ShadowSight, could spell the difference between a secured customer data environment and a catastrophic breach. By learning from incidents such as Cash App’s, companies can arm themselves against the ever-present risk posed by those within their own walls. This is not just a technical issue but a governance one, where strong policies must back robust technologies. As digital platforms continue to handle increasingly large volumes of sensitive information, the role of insider threat management platforms becomes more critical. Investment in such technology is not an overhead but a necessity in the modern data-driven business landscape. The goal is to create a security-conscious culture where safeguarding data is everyone's responsibility, supported by technology that ensures integrity and trust.

Christopher McNaughton

Strategic Advisor, ShadowSight

Who is Christopher McNaughton

Chris is a proficient problem solver with a strategic aptitude for anticipating and addressing potential business issues, particularly in areas such as Insider Threat, Data Governance, Digital Forensics, Workplace Investigations, and Cyber Security. He thrives on turning intricate challenges into opportunities for increased efficiency, offering pragmatic solutions derived from a practical and realistic approach.

Starting his career as a law enforcement Detective, Chris transitioned to multinational organisations where he specialised and excelled in Cyber Security, proving his authority in the field. Even under demanding circumstances, his commitment to delivering exceptional results remains unwavering, underpinned by his extraordinary ability to understand both cyber and business problems swiftly, along with a deep emphasis on active listening.

What is ShadowSight

ShadowSight is an innovative insider risk staff monitoring tool that proactively guards your business against internal threats and safeguards vital data from unauthorised access and malicious activities. We offer a seamless integration with your current systems, boosting regulatory compliance while providing unparalleled visibility into non-compliant activities to reinforce a secure digital environment. By prioritising actionable intelligence, ShadowSight not only mitigates insider threats but also fosters a culture of proactive risk management, significantly simplifying your compliance process without the overwhelming burden of false positives.