New York, NY – January 24, 2025 – PayPal fined $2 million for a 2022 data breach caused by weak security practices, exposing sensitive customer data. The company has since enhanced its protocols.
Global payments giant PayPal has been slapped with a $2 million fine by New York’s Department of Financial Services (DFS) for serious security lapses that led to a 2022 data breach. The breach exposed sensitive customer information, including Social Security numbers, putting thousands at risk of identity theft.
The breach stemmed from a flawed rollout of PayPal’s tax form access portal. A coding error allowed users to view other customers’ 1099 forms, which contained highly sensitive information.
The DFS investigation revealed that the company’s security practices were inadequate, citing a failure to implement multi-factor authentication (MFA) and other essential safeguards like CAPTCHA and rate limiting. DFS Superintendent Adrienne Harris said:
“PayPal’s oversight jeopardized the personal data of countless users. Our regulations set the bar high, and failure to comply will result in accountability.”
In addition to the technical issues, the DFS found systemic problems in PayPal’s handling of data access controls and identity management policies. The company has since addressed the gaps and updated its cybersecurity measures.
A PayPal spokesperson acknowledged the fine, stating:
“We regret the incident and are committed to maintaining the highest security standards moving forward.”
The incident serves as a wake-up call for financial institutions to prioritize robust cybersecurity measures. New York’s DFS has been active in enforcing its cybersecurity regulations, with recent fines including $11 million for Geico over a similar breach.