Block claims ex-employee downloaded customer data after leaving firm

A former employee with Block used the digital financial services firm's Cash App products to access and download personal information about US customers in December 2021, the firm has claimed. In a filing this week with the Securities and Exchange Commission (SEC), Block officials alleged the ex-employee on December 10 …

  1. Doctor Syntax Silver badge

    "in this instance these reports were accessed without permission after their employment ended."

    It depends on what you mean by "without permission". Computer didn't say "No".

    1. Aitor 1 Silver badge

      Was him?

      How are they going to prove it was him and not someone with his id? Could be his boss or another associate.

      1. Version 1.0 Silver badge

        Re: Was him?

        "How are they going to prove it was him and not someone with his id?"

        Sure, but since his id appears to have been used, and worked after he left, it looks like the main problem is in Block's lack of security administration.

        1. Snowy Silver badge

          Re: Was him?

          Was going to say that when someone leaves their access should be removed, but I think that is too late; access to systems should be removed before they leave.

          1. An_Old_Dog Bronze badge

            Re: Was him?

            It's always a nervous moment after trying multiple times to log in and failing, even after typing very slowly and carefully. You then wonder: "Did my account expire, did someone fat-finger a sysadmin tool, was some sysadmin script buggy, did AD (or NDS, or whatever) go wonky, or is my boss going to hand me a termination packet when he comes in at 9:00 AM?"

      2. yetanotheraoc Silver badge

        Re: Was him?

        Most likely how they found out about the download was -- one of their customers called them and asked why "the accused" was trying to sell them the same service they were already getting from Block.

  2. Ozchemist

    Not the first time, won't be the last time.

    I worked for a large (the largest) multinational oil company back in the 1990s and held a technical position that gave me privileged access to all of their "trade secret" formulation data as well as sales and financial data. Privileges had been accrued over a number of years, and each time I changed roles they'd just add new privileges - so the data I could access just kept expanding.

    I had a local account, as well as international accounts, into remote servers with remote (dial-in) access (which was rare for the company at the time).

    I left amicably, a job change for family reasons, and was asked by my local manager "You haven't taken any information with you, have you?" - my reply was that "No, but if I'd wanted to take information, I'd have done it years ago and you'd never know - security is shit on these servers. BTW, make certain that, when I leave, ALL of my accounts/privileges are cancelled - I don't want to get a call from Corporate in 12 months!".

    Three months after I left, I called up the local office and asked to speak to IT - and informed them that I still had remote access privileges on 3 of their servers - the local one and two international ones. Nobody had bothered to remove access or remove any of the privileges. I called my ex-manager and roasted him. I then called Corporate and advised them.

    Their Corporate process was well documented - but never acted upon. The local and international IT groups rarely dealt with each other except for major hardware/software CAPEX or significant problems. And managers had a habit of passing everything to HR when an employee left - and HR had a "disconnect" with IT.

    I hate to think how many other accounts remained active.

    1. Clausewitz 4.0 Bronze badge

      Re: Not the first time, won't be the last time.

      Same here. I realized I still had access for a multinational about 5 years after I had left.

      If I try some old accesses (are encrypted) I bet some will work.

    2. hayzoos

      Re: Not the first time, won't be the last time.

      I was contacted by a former employer to do some admin work remotely. The person they hired was having some difficulty. After getting the CYA documentation covered, I said I would need access established. The reply was "your account is still active." Two years plus after I left, after I advised my accounts should be disabled or even removed. I performed the agreed-upon work. I noticed some other work which should be done, but I said nothing; it was not part of the deal. I locked my account on my way out. I had left on decent terms, but after being denied a raise I felt I was worth. They hired a replacement and a part-timer; I would guess that cost more than my denied raise.

  3. The Indomitable Gall

    I take issue with this part...

    "Historically an employee would have a single account in a central authentication server like Microsoft's Active Directory that would give them access to networks and applications. When the employee left the company, all that was needed was disabling or deleting that single account.

    "Today, however, an organization may have dozens of SaaS solutions in use, many with stand-alone authentication systems not tied to the company's internal authentication database," Clements told The Register.

    Historically, you'd have umpteen passwords and logins because most of the systems wouldn't connect to AD.

    We're now entering a world of SSO, where almost everything can be authenticated with a single Microsoft or Google ID.

    The danger isn't that we're increasing the number of logins, but that as the number of logins decrease, we're liable to get blasé and assume that one click kills all logins, when it doesn't.
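The orphaned-account problem described in Ozchemist's and hayzoos's posts, and the SSO caveat in the comment above, can be caught by a routine reconciliation of HR separations against every system's account export, not just the SSO directory. This is an added illustration, not code from The Register or from Block; the roster, system exports and field names are constructed sample data.

```python
from datetime import date, datetime

# Constructed sample data: HR separation dates keyed by username.
HR_SEPARATIONS = {
    "jdoe": date(2021, 12, 3),
    "asmith": date(2020, 6, 30),
}

# Constructed account exports: the SSO directory plus a standalone SaaS tool
# whose logins are not tied to the central identity provider.
SYSTEM_EXPORTS = {
    "sso": [
        {"user": "jdoe", "enabled": False, "last_login": "2021-12-02"},
        {"user": "bjones", "enabled": True, "last_login": "2022-04-01"},
    ],
    "reporting-saas": [
        {"user": "jdoe", "enabled": True, "last_login": "2021-12-10"},
        {"user": "asmith", "enabled": True, "last_login": "2020-05-01"},
    ],
}


def _to_date(text):
    return datetime.strptime(text, "%Y-%m-%d").date()


def find_orphans(separations, exports):
    """Return (system, user, issue) findings for departed staff.

    'still_enabled' flags an account that was never disabled after the
    separation date; 'used_after_separation' flags a login that happened
    after the person left, which is the case worth escalating to IR.
    """
    findings = []
    for system, accounts in exports.items():
        for acct in accounts:
            left = separations.get(acct["user"])
            if left is None:
                continue  # current employee, nothing to reconcile
            if acct["enabled"]:
                findings.append((system, acct["user"], "still_enabled"))
            if _to_date(acct["last_login"]) > left:
                findings.append((system, acct["user"], "used_after_separation"))
    return sorted(findings)


if __name__ == "__main__":
    for system, user, issue in find_orphans(HR_SEPARATIONS, SYSTEM_EXPORTS):
        print(f"{system}: {user}: {issue}")
```

Disabling the SSO account alone clears the "sso" row here while the standalone SaaS account stays both enabled and in use, which is exactly the gap the one-click assumption misses.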
