PayPal to Pay $2 Million Fine for Cybersecurity Failures Exposing SSNs

PayPal has agreed to pay a $2 million civil fine for cybersecurity failures that exposed customers' Social Security numbers in late 2022, the New York State Department of Financial Services announced on Thursday.

An investigation by the department found that PayPal:

* Failed to employ qualified staff for key cybersecurity functions
* Did not provide adequate training to address cybersecurity risks

These failures allowed cybercriminals to access customers' names, birthdates, and Social Security numbers for approximately seven weeks.

PayPal detected the breach on December 6, 2022, after a security analyst read an online message indicating an exploit was being used to obtain Social Security numbers. PayPal's cybersecurity team subsequently observed a surge in unauthorized access attempts.

The exposure stemmed from changes PayPal made to its data flows in order to make a form available to more customers; those changes left customers' sensitive data reachable by unauthorized parties.

The investigation also found that PayPal had not implemented multifactor authentication or CAPTCHA controls, both standard defenses against automated, credential-based account access, which would have helped prevent the unauthorized access.

The fine stems from violations of the department's cybersecurity regulation (23 NYCRR Part 500), which took effect in 2017. PayPal has since upgraded its security measures, including implementing CAPTCHA controls.