In April 2022, Cash App disclosed that a former employee had downloaded sensitive data belonging to more than 8 million customers. Not a hacker with sophisticated tools. Not a state-sponsored intrusion. A person who used to work there, still had access to internal systems after leaving the company, and walked out with customer names, brokerage account numbers, portfolio values, and stock trading activity.

This kind of breach does not get the dramatic headline treatment that ransomware attacks do, but it is far more common than most organizations want to acknowledge. The 2022 Verizon Data Breach Investigations Report found that insiders — current and former employees, contractors, and partners — account for a significant share of data incidents every year. And they are harder to catch because they are not breaking in. They already have the keys.

The Cash App case highlights a failure that is entirely preventable: access that was not revoked when employment ended. Offboarding is not an HR formality. It is a security event. The moment someone leaves an organization, their access to sensitive systems, data storage, and internal tools should end — immediately, completely, and verifiably.

For organizations collecting and storing customer financial data, health information, or any kind of personal records, the insider threat is not a hypothetical. It is a routine operational risk. Role-based access controls, access reviews, and a disciplined offboarding process are not advanced cybersecurity — they are the basics. The Cash App breach is a reminder of what happens when the basics get skipped.

Source: Security Magazine — The Top 10 Data Breaches of 2022