View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Analysis
August 25, 2022updated 26 Aug 2022 12:36am

Block lawsuit over cybersecurity incident is the latest setback for Jack Dorsey

Bock getting sued for failing to live up to its commitment to defend users' privacy is another thing for Jack Dorsey to worry about

By Eric Johansson

Jack Dorsey is not having a great week. Over the past four days, his friend Elon Musk has dragged him into an increasingly messy legal battle over the botched acquisition of Twitter, a whistleblower has criticised decisions made during his tenure as CEO, and a lawsuit has accused his other company, Block, of failing to protect users’ private data.

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

On Monday, court documents revealed that the two-time Twitter CEO had been subpoenaed to testify in the upcoming trial between the social media company and Musk. Twitter has sued Musk for backing out of a $44bn deal to buy the company. The Tesla technoking has shot back, saying that whatever deal reached is null and void because Twitter lied about the number of fake accounts on the platform.

Dorsey is only the latest Silicon Valley superstar to be roped into the legal battle. Twitter has previously subpoenaed Musk-tied industry celebrities like the prominent venture capitalist Marc Andreessen and David Sacks, the founding COO of PayPal. The trial is scheduled to kick off on October 17.

Dorsey served as CEO of Twitter from 2006 until he was booted out in 2008. He was then rehired as CEO in 2015. Dorsey stepped down as CEO of Twitter in November 2021.

Dorsey had almost been ousted one year earlier when stakeholder Elliott Management had put his commitment to Twitter in doubt as he was also the CEO of Square, which was rebranded as Block last year. Former Twitter CTO Parag Agrawal took over as CEO after Dorsey left.

Whistleblower case stokes the fires

People were reminded of Elliot Management’s critique of Dorsey on Tuesday when an explosive expose by CNN and The Washington Post revealed that serious vulnerabilities could be exploited by Chinese and Russian hackers. The former head of security at Twitter, Peiter “Mudge” Zatko, was at the centre of the accusations.

The whistleblower claimed that a combination of weak cybersecurity controls and poor judgement had exposed Twitter to numerous foreign intelligence risks. Zatko accused Agrawal and other executives of knowingly putting user growth ahead of security. He said executives stood to win individual bonuses of as much as $10m if the number of daily users grew.

The former security boss left the company in January. He also stoked the fires around the legal battle with Musk by claiming that the company had done little to reduce the number of bots on the platform.

However, the veracity of these claims are in doubt among Twitter’s own employees.

“The feeling inside is that Mudge is a bitter shit trying to get revenge for the company outing him as the ineffective, sloppy employee he was,” one anonymous Twitter employee told WIRED.

Nevertheless, given that most of the things Zatko complained about happened during Dorsey’s latest tenure as CEO, it just adds to the former CEO’s bad week.

Dorsey owns 2.4% of Twitter, according to Bloomberg.

Block accused of being negligent in cybersecurity

The trifecta was completed on Tuesday when Block was sued over a cybersecurity incident the company’s Cash App in December 2021. The app allows users to buy and sell stocks.

The class action lawsuit accuses the company of having poor security practices, which were made evident when it was revealed that a former employee still had access to 8.2 million users’ data.

Block disclosed the cybersecurity incident in April 2022. It revealed that the ex-staffer had access to users’ full name and brokerage account number as well as brokerage portfolio value, holdings and stock trading activity.

Following the breach, Cash App users have reported multiple fraudulent transactions on the Cash App, Forbes reported. However, the suit does not provide evidence linking those thefts to the hack.

Block did not return Verdict’s requests for comments.

Cybersecurity experts note that the Block incident highlights how employees continuous to be one of the biggest risks for companies digital defences.

“Dangerously, insider threats remain the most damaging of all threats for companies and can have worrying consequences,” Jake Moore, global security advisor at cybersecurity firm ESET, tells Verdict.

“Giving the keys to the kingdom comes with great power but also offers a threat level that is often unquantifiable. Poor security practices are inconceivable in current times and especially within such a big company and this could also harm the company going forward in terms of reputation. Security procedures mitigating insider threats are indeed possible, but cutting corners to favour convenience over security is likely here which is so often the biggest mistake businesses make.”

GlobalData is the parent company of Verdict and its sister publications.

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU

Thank you for subscribing to Electronic Payments International