PayPal cybersecurity fine: New York’s Department of Financial Services (DFS) has fined PayPal $2 million after cybersecurity failures exposed sensitive customer information, including Social Security numbers, names, and dates of birth, in late 2022.
Data Breach and Cybersecurity Failures
In December 2022, PayPal discovered unauthorized access attempts from “credential stuffing” attacks. Hackers took advantage of weaknesses in PayPal’s system to access federal tax forms of tens of thousands of customers.
The breach was first noticed on December 6, 2022, when a PayPal analyst found a post online titled “PP EXPLOIT TO GET SSN.” The cybersecurity team later found a rise in unauthorized access attempts, and sensitive data remained exposed for almost seven weeks.
Root Cause: Security Gaps
Investigations showed that PayPal’s changes to improve customer access to tax forms unintentionally created security gaps. These weaknesses allowed cybercriminals to access sensitive information, showing the company’s failure to secure new data flows.
Missing Security Measures
DFS Superintendent Adrienne Harris criticized PayPal for not using key cybersecurity safeguards like multifactor authentication (MFA) and CAPTCHA, which could have stopped unauthorized access. These failures violated New York’s cybersecurity rules, which have been in place since 2017.
Security Upgrades and Commitment
After the breach, PayPal made major security improvements. The company now requires MFA for all U.S. customer accounts, has forced password resets for affected users, and has added CAPTCHA to stop unauthorized access attempts.
PayPal assured customers that protecting their information is a top priority and that they take their regulatory responsibilities seriously.
Implications for Financial Sector Cybersecurity
This incident highlights how important proactive cybersecurity measures are in protecting sensitive consumer data. Regulatory bodies like New York’s DFS are enforcing strict standards to hold companies accountable for security failures.