Current and former Cash App users could be eligible for a hefty piece of a proposed class-action settlement from the popular online payment service.
Earlier this year, Cash App Investing and its parent company Block Inc. agreed to pay $15 million to settle a lawsuit that alleged a “failure to exercise reasonable care” in protecting user information leading up to and after recent data breaches. The class-action complaint cited two incidents where access to some account data was compromised, saying this resulted in numerous unauthorized charges impacting Cash App customers.
Now, those consumers can submit a claim for a settlement payment — which could include reimbursement of up to $2,500 in out-of-pocket losses — ahead of final approval. Here's what you need to know.
Why was Cash App sued?
Get top local stories in Philly delivered to you every morning. >Sign up for NBC Philadelphia's News Headlines newsletter.
Cash App and Block, which is based in Oakland, California, were sued over their response to security breaches in recent years and allegations that they failed to implement sufficient security measures to protect customers.
The class-action pointed to a 2021 incident, which the company disclosed in 2022, where a former employee downloaded reports of some U.S. users without permission. It also noted another breach disclosed in 2023, when an unauthorized user accessed some Cash App accounts using phone numbers that were linked to them.
Cash App and Block have denied any wrongdoing. But to settle the litigation, they agreed to pay $15 million. Beyond attorneys fees and administration costs, that money will go to impacted customers who submit eligible claims.
U.S. & World
Stories that affect your life across the U.S. and around the world.
Cash App and Block also agreed to take steps toward strengthening data security as part of the settlement. The company did not comment further when reached by The Associated Press Friday.
How can I get a settlement payment?
To get a payment, you'll have to submit a claim on the official settlement administrator's website. The current deadline to submit a claim is Nov. 18 — with the settlement's final approval hearing slated for Dec. 16.
Those eligible include current or former Cash App customers who have been impacted by unauthorized access of their personal information or fraudulent withdrawals between Aug. 23, 2018 through Aug. 20 of this year. You may have received a personalized notice informing you about eligibility for the settlement by mail or email — but if not, there's also an option to manually provide information about your situation online.
How much money can I get?
Settlement payments will vary for each person depending on eligible losses — and also how many people end up submitting a claim.
Class members can potentially receive payment for three types of claims: out-of-pocket losses, lost time and transaction losses. With documentation, you may be able to receive reimbursement of up to $2,500 in out-of-pocket losses, $25 an hour for lost time (capped at three hours) and additional relief for transaction losses.
However, the settlement administrator’s website notes, payments may be reduced if there's not enough money in the net settlement fund for every approved claim. If that ends up being the case, payments will proportionally decrease depending on the share of each class member's claim.
What other options do I have?
If you want to exclude yourself from the settlement, class members have the option to “opt out” before Nov. 1. This allows you sue or be part of another related lawsuit against the defendants down the road. You can also object to the settlement agreement by writing to the court before Nov. 1.
Finally, you can choose to do nothing. But if you opt for no action, you will not get any payments and potentially also give up the to right to pursue another lawsuit with claims covered in the settlement.
How can I protect my data going forward?
Avoiding data breaches entirely can be tricky in our ever-digitized world, but consumers can take some steps to help protect themselves going forward.
The basics include creating hard-to-guess passwords and using multifactor authentication when possible. If you receive a notice about a breach, it’s good idea to change your password and monitor account activity for any suspicious transactions. You’ll also want to visit a company’s official website for reliable contact information — as scammers sometimes try to take advantage of news like data breaches to gain your trust through look-alike phishing emails or phone calls.
In addition, the Federal Trade Commission notes that nationwide credit bureaus — such as Equifax, Experian and TransUnion — offer free credit freezes and fraud alerts that consumers can set up to help protect themselves from identity theft and other malicious activity.
The American Bankers Association and others also urge extra caution around using payment apps like Cash App, as well as Zelle and Venmo. It's safest to confirm that you know to whom you're sending money, and avoid any links in unexpected emails, texts or message requests.