Block
Company Details
Linkedin ID:
joinblock
Website:
Employees number:
13,182
Number of followers:
165,867
NAICS:
52
Industry Type:
Homepage:
block.xyz
IP Addresses:
0
Company ID:
BLO_3745819
Scan Status:
In-progress
Block Company CyberSecurity Posture
block.xyz
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
Block A.I CyberSecurity Scoring
Block Risk Score (AI oriented)Between 700 and 749
Block
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Block Global Score (TPRM)XXXX
Block
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Block Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Block (Cash App)
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Block, the parent company of Cash App, faced a significant data breach in December 2021 when a former employee unlawfully downloaded personal information of approximately 8.2 million Cash App users. The breach was not disclosed until April 4, 2022, nearly four months later, raising concerns about transparency and data security practices. Shareholders filed a class-action lawsuit, alleging Block misled investors by failing to disclose inadequate security measures before the breach and during its $29 billion acquisition of Afterpay. While the lawsuit was dismissed due to lack of evidence of fraudulent intent, the incident exposed vulnerabilities in Block’s data protection framework. Additionally, Block settled separate regulatory cases in 2024, paying $80 million to 48 states and $40 million to New York for anti-money laundering deficiencies in Cash App. The breach involved customer data leakage, though no ransomware was reported. Cash App, with 57 million monthly users and $283 billion in inflows (2024), faced reputational and financial risks, though the direct operational impact appeared contained to data exposure and legal repercussions.
Block Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Block
Incidents vs Financial Services Industry Average (This Year)
No incidents recorded for Block in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Block in 2026.
Incident Types Block vs Financial Services Industry Avg (This Year)
No incidents recorded for Block in 2026.
Incident History — Block (X = Date, Y = Severity)
Block cyber incidents detection timeline including parent company and subsidiaries
Block Company Subsidiaries
Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational teams — People, Finance, Counsel, Hardware, Information Security, Platform Infrastructure Engineering, and more — provide support and guidance at the corporate level. They work across business groups and around the globe, spanning time zones and disciplines to develop inclusive People policies, forecast finances, give legal counsel, safeguard systems, nurture new initiatives, and more. Every challenge creates possibilities, and we need different perspectives to see them all. Bring yours to Block.
Loading...
Block Similar Companies
First American Financial Corporation is a premier provider of title, settlement and risk solutions for real estate transactions. With its combination of financial strength and stability built over more than 130 years, innovative proprietary technologies, and unmatched data assets, the company is lea
BDO is a full-service universal bank in the Philippines. It provides a complete array of industry-leading products and services including Lending (corporate and consumer), Deposit-taking, Foreign Exchange, Brokering, Trust and Investments, Credit Cards, Corporate Cash Management, and Remittances in
Tata Capital Limited is a subsidiary of Tata Sons Limited. The Company is registered with the Reserve Bank of India as a Core Investment Company and offers through itself and its subsidiaries fund and fee-based financial services to its customers, under the Tata Capital brand. As a trusted and custo
TVS Credit Services Ltd.
From the largest cities to the smallest villages, India is filled with ambition and enterprise. As Indians from all walks of life set out to write their growth story, our timely and affordable credit empowers them to bring their dreams alive. As part of the TVS Group, we empower Indians from vario
Motilal Oswal Financial Services Ltd
Motilal Oswal Financial Services Ltd. (MOFSL) was founded in 1987 as a small sub-broking unit, with just 2 people running the show. Focus on a customer-first attitude, ethical and transparent business practices, respect for professionalism, research-based value investing, and implementation of cutti
Swedbank
Since 1820, Swedbank has been the bank for the many households and businesses. We are a modern financial services platform focused on customer satisfaction. Our goal is to encourage people to save for a better future, and we aim to help people, businesses and society to grow by promoting a healthy a
J.P. Morgan
J.P. Morgan is a leader in financial services, offering solutions to clients in more than 100 countries with one of the most comprehensive global product platforms available. We have been helping our clients to do business and manage their wealth for more than 200 years. Our business has been built
People are living longer, and we are excited about the possibilities this brings. We see longevity, aging, and changing life patterns as an opportunity for our customers, our employees, and society as a whole. And we want to support everyone in building the financial means to explore the possibiliti
Prudential plc
We are Prudential. For Every Life, For Every Future. Prudential provides life and health insurance and asset management in Greater China, ASEAN, India and Africa. Prudential’s mission is to be the most trusted partner and protector for this generation and generations to come, by providing simple a
.png)
Block CyberSecurity News
January 20, 2026 06:54 PM
EU plans cybersecurity overhaul to block foreign high-risk suppliers
The European Commission has proposed new cybersecurity legislation mandating the removal of high-risk suppliers to secure telecommunications...
January 19, 2026 01:59 PM
Brussels plans to force governments to block Huawei from 5G
New EU cyber bill looks to root out risky Chinese technology vendors from tech supply chains across Europe.
January 16, 2026 02:09 PM
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR)...
December 09, 2025 08:00 AM
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Chrome adds new layered defenses to block prompt injections, restrict origin access, and prevent unsafe AI actions.
December 08, 2025 08:00 AM
Block all AI browsers for the foreseeable future: Gartner
Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner. The firm offered that advice last week in a...
November 28, 2025 08:00 AM
Microsoft to Block External Scripts in Entra ID Logins to Enhance Protections
Microsoft is improving Entra ID security by updating its Content Security Policy to stop external scripts from running during sign-ins.
November 17, 2025 08:00 AM
£21 million investment backs new technology to block cyber attacks at the hardware level
The UK government has announced a significant £21 million investment to accelerate the development of CHERI, a new cyber-secure hardware capable...
November 06, 2025 08:00 AM
The Silent Insider Threat: When Employees Undermine Cybersecurity Messaging
Most cybersecurity strategies focus on firewalls, encryption and patch management. Yet one of the most damaging vulnerabilities often sits...
October 28, 2025 02:16 AM
Edward H. Block, Senior Counsel, Cybersecurity, Privacy & Data Protection
Edward H. Block is a senior counsel in Akin's cybersecurity, privacy and data protection practice in the Dallas office. He advises a broad range of companies on...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Block CyberSecurity History Information
Official Website of Block
The official website of Block is https://block.xyz/.
Block’s AI-Generated Cybersecurity Score
According to Rankiteo, Block’s AI-generated cybersecurity score is 744, reflecting their Moderate security posture.
How many security badges does Block’ have ?
According to Rankiteo, Block currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Block been affected by any supply chain cyber incidents ?
According to Rankiteo, Block has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Block have SOC 2 Type 1 certification ?
According to Rankiteo, Block is not certified under SOC 2 Type 1.
Does Block have SOC 2 Type 2 certification ?
According to Rankiteo, Block does not hold a SOC 2 Type 2 certification.
Does Block comply with GDPR ?
According to Rankiteo, Block is not listed as GDPR compliant.
Does Block have PCI DSS certification ?
According to Rankiteo, Block does not currently maintain PCI DSS compliance.
Does Block comply with HIPAA ?
According to Rankiteo, Block is not compliant with HIPAA regulations.
Does Block have ISO 27001 certification ?
According to Rankiteo,Block is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Block
Block operates primarily in the Financial Services industry.
Number of Employees at Block
Block employs approximately 13,182 people worldwide.
Subsidiaries Owned by Block
Block presently has no subsidiaries across any sectors.
Block’s LinkedIn Followers
Block’s official LinkedIn profile has approximately 165,867 followers.
NAICS Classification of Block
Block is classified under the NAICS code 52, which corresponds to Finance and Insurance.
Block’s Presence on Crunchbase
No, Block does not have a profile on Crunchbase.
Block’s Presence on LinkedIn
Yes, Block maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/joinblock.
Cybersecurity Incidents Involving Block
As of January 21, 2026, Rankiteo reports that Block has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Block has an estimated 30,814 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Block ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Block detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with delayed disclosure (4 months), communication strategy with regulatory filings, communication strategy with public statements via court proceedings..
Incident Details
Can you provide details on each incident ?
Title: Block (Cash App) Data Breach and Shareholder Litigation Dismissal
Description: Block, led by Jack Dorsey, won the dismissal of litigation claiming it misled shareholders regarding a December 2021 data breach at its Cash App service. A former employee downloaded personal information of ~8.2 million users. Shareholders alleged Block failed to disclose inadequate data security and delayed breach notification by nearly four months. The company also faced accusations of misleading Afterpay shareholders during its $29B acquisition. Block previously settled AML-related charges for $80M (48 states) and $40M (New York).
Date Detected: 2021-12-10
Date Publicly Disclosed: 2022-04-04
Type: Data Breach
Attack Vector: Insider Threat (former employee)
Vulnerability Exploited: Inadequate data security controls / unauthorized access by insider
Threat Actor: Former employee
Motivation: Financial Gain (alleged by shareholders)Unauthorized Data Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Internal (former employee with authorized access).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach JOI1902219091025
Data Compromised: Personal information of ~8.2 million Cash App users
Brand Reputation Impact: LitigationRegulatory Settlements ($120M total)
Legal Liabilities: Shareholder litigation (dismissed)AML settlements ($80M + $40M)
Identity Theft Risk: High (personal information exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal information.
Which entities were affected by each incident ?
Incident : Data Breach JOI1902219091025
Entity Name: Block, Inc. (Cash App)
Entity Type: Public Company
Industry: Financial Services, Technology, Mobile Payments
Location: Oakland, California, USA
Size: Large (57M monthly users as of 2024)
Customers Affected: 8.2 million
Incident : Data Breach JOI1902219091025
Entity Name: Afterpay (acquired by Block)
Entity Type: Subsidiary
Industry: Financial Services (Buy Now, Pay Later)
Location: Australia
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach JOI1902219091025
Communication Strategy: Delayed disclosure (4 months)Regulatory filingsPublic statements via court proceedings
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach JOI1902219091025
Type of Data Compromised: Personal information
Number of Records Exposed: 8.2 million
Sensitivity of Data: High
Data Exfiltration: Yes (downloaded by former employee)
Personally Identifiable Information: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach JOI1902219091025
Regulations Violated: Anti-Money Laundering (AML) policies, Potential securities disclosure violations (alleged),
Fines Imposed: ['$80 million (48 states)', '$40 million (New York)']
Legal Actions: Shareholder class-action litigation (dismissed), State regulatory settlements,
Regulatory Notifications: Delayed (disclosed 4 months post-breach)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Shareholder class-action litigation (dismissed), State regulatory settlements, .
References
Where can I find more information about each incident ?
Incident : Data Breach JOI1902219091025
Source: Reuters
Incident : Data Breach JOI1902219091025
Source: U.S. District Court, Southern District of New York (Case No. 22-08636)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Reuters, and Source: U.S. District Court, Southern District of New York (Case No. 22-08636).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach JOI1902219091025
Investigation Status: Closed (litigation dismissed; regulatory settlements reached)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Delayed Disclosure (4 Months), Regulatory Filings and Public Statements Via Court Proceedings.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach JOI1902219091025
Stakeholder Advisories: Court Filings, Regulatory Disclosures.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Court Filings and Regulatory Disclosures.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach JOI1902219091025
Entry Point: Internal (former employee with authorized access)
High Value Targets: Cash App user database
Data Sold on Dark Web: Cash App user database
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach JOI1902219091025
Root Causes: Inadequate Data Security Controls, Insider Threat Risk Management Failure, Delayed Breach Disclosure,
Corrective Actions: Regulatory Settlements ($120M), Potential Internal Policy Reforms (Unspecified),
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Regulatory Settlements ($120M), Potential Internal Policy Reforms (Unspecified), .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Former employee.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2021-12-10.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-04-04.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Personal information of ~8.2 million Cash App users.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Personal information of ~8.2 million Cash App users.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 8.2M.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $80 million (48 states), $40 million (New York), .
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Shareholder class-action litigation (dismissed), State regulatory settlements, .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are U.S. District Court, Southern District of New York (Case No. 22-08636) and Reuters.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Closed (litigation dismissed; regulatory settlements reached).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Court filings, Regulatory disclosures, .
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Internal (former employee with authorized access).
.png)
Latest Global CVEs (Not Company-Specific)
Description
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=joinblock' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
