PayPal cybersecurity breach

New York Fines PayPal $2 Million for Data Security Breach

Customer Data Exposed Amid Cybersecurity Failures

PayPal has been fined $2 million by New York’s Department of Financial Services (DFS) after a cybersecurity breach in late 2022 exposed sensitive customer information, including Social Security numbers, names, and dates of birth.

Adrienne Harris, the state’s financial services superintendent, revealed that the breach occurred due to PayPal’s failure to employ properly trained cybersecurity staff and its lack of effective risk management practices. The lapse left customer data vulnerable to cybercriminals for about seven weeks.

The issue came to light on December 6, 2022, when a security analyst at PayPal discovered an online post warning of an exploit targeting the platform. The following day, PayPal’s cybersecurity team detected a spike in unauthorized access attempts. Hackers used “credential stuffing” techniques to access federal tax forms for tens of thousands of users.
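The signal the article describes, a spike in unauthorized access attempts driven by credential stuffing, is detectable in ordinary authentication logs because a stuffing source replays leaked username/password pairs: one source touches many different accounts in a short window with a very low success rate, and the aggregate failure count jumps far above baseline. The following is an added example of that detection logic, not PayPal's code or log format; the log line layout, the thresholds, the IP addresses (from the documentation ranges) and the sample traffic are all constructed for illustration.

```python
"""Spot credential-stuffing patterns in authentication logs.

Constructed example: the log format, thresholds and addresses are assumptions.
Two signals are scored:
  1. per-source: many distinct accounts tried in one window, low success rate
  2. global: failed attempts per minute far above a known baseline
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Attempt:
    ts: datetime
    ip: str
    user: str
    success: bool


def parse_line(line: str) -> Attempt:
    """Parse one constructed line: '<ISO-8601 UTC ts> ip=<addr> user=<name> result=OK|FAIL'."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return Attempt(ts, kv["ip"], kv["user"], kv["result"] == "OK")


def find_stuffing_sources(attempts, window=timedelta(minutes=5),
                          min_distinct_users=10, max_success_rate=0.2):
    """Return {ip: (distinct_users, success_rate)} for every source that, within
    any sliding window, tried >= min_distinct_users accounts with a success
    rate <= max_success_rate. The widest qualifying window is reported."""
    by_ip = defaultdict(list)
    for a in attempts:
        by_ip[a.ip].append(a)
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda a: a.ts)
        best = None
        start = 0
        for end in range(len(rows)):
            while rows[end].ts - rows[start].ts > window:
                start += 1
            in_window = rows[start:end + 1]
            users = {a.user for a in in_window}
            rate = sum(a.success for a in in_window) / len(in_window)
            if len(users) >= min_distinct_users and rate <= max_success_rate:
                if best is None or len(users) > best[0]:
                    best = (len(users), round(rate, 2))
        if best is not None:
            flagged[ip] = best
    return flagged


def failed_attempts_per_minute(attempts):
    """Count failed logins per UTC minute, regardless of source."""
    counts = defaultdict(int)
    for a in attempts:
        if not a.success:
            counts[a.ts.replace(second=0, microsecond=0)] += 1
    return dict(counts)


def spike_minutes(attempts, baseline_per_minute, factor=5):
    """Minutes whose failure count is >= factor x the expected baseline."""
    per_minute = failed_attempts_per_minute(attempts)
    return sorted(m for m, n in per_minute.items() if n >= baseline_per_minute * factor)


def build_sample_log():
    """Constructed traffic: five ordinary logins, then one source trying 25 accounts."""
    base = datetime(2022, 12, 7, 10, 0, tzinfo=timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    lines = []
    normal = [("alice", "OK"), ("bob", "OK"), ("carol", "FAIL"), ("carol", "OK"), ("dave", "OK")]
    for i, (user, res) in enumerate(normal):
        ts = (base + timedelta(seconds=30 * i)).strftime(fmt)
        lines.append(f"{ts} ip=198.51.100.{i + 1} user={user} result={res}")
    # stuffing burst: one source, 25 different accounts in two minutes, a single hit
    for i in range(25):
        ts = (base + timedelta(minutes=3, seconds=5 * i)).strftime(fmt)
        res = "OK" if i == 17 else "FAIL"
        lines.append(f"{ts} ip=203.0.113.10 user=user{i:03d} result={res}")
    return lines


if __name__ == "__main__":
    attempts = [parse_line(line) for line in build_sample_log()]
    print("stuffing sources:", find_stuffing_sources(attempts))
    print("spike minutes:", [m.strftime("%H:%M") for m in spike_minutes(attempts, baseline_per_minute=1)])
```

The per-source rule is what separates stuffing from a single user mistyping a password: a legitimate user fails against one account, a stuffing list fails against many. In practice the per-minute baseline would come from historical traffic rather than a constant, and the same aggregation can be keyed on ASN or user agent when attackers rotate source addresses.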

The vulnerability was tied to changes PayPal made to its data systems to expand customer access to tax forms, unintentionally creating security gaps.

Key Security Gaps Highlighted by Regulators

Harris criticized PayPal for failing to implement basic security measures, such as multifactor authentication (MFA) and CAPTCHA, which could have prevented unauthorized access. These omissions violated New York’s cybersecurity regulations, introduced in 2017 to safeguard sensitive financial information.

Following the incident, PayPal has introduced mandatory MFA for all U.S. accounts, required password resets for affected users, and added CAPTCHA to prevent future breaches.

PayPal’s Response and Regulatory Oversight

In response to the fine, PayPal reaffirmed its commitment to improving platform security. “Protecting consumers’ personal information and maintaining a secure platform is a top priority for us, and we take our regulatory responsibilities seriously,” the company stated.

This case highlights the importance of adhering to robust cybersecurity standards, with regulators like New York’s DFS ensuring companies prioritize consumer data protection in an increasingly digital world.