New York Sanctions PayPal for Lapses in Cybersecurity Measures

$2 Million fine.
Emily Hill
Contributing Writer

New York state regulators have fined PayPal $2 million following a cybersecurity incident in late 2022 that exposed sensitive customer information, including Social Security numbers. The breach, attributed to a credential stuffing attack, affected nearly 35,000 individuals and highlighted gaps in PayPal’s cybersecurity protocols, including insufficient staff training and the lack of multifactor authentication (MFA).

The New York Department of Financial Services (DFS) faulted the company for failing to employ qualified personnel, implement adequate access controls, and sufficiently protect consumer data.

PayPal, while cooperating with the investigation, has since upgraded its security protocols, including mandating MFA for all U.S. accounts and enhancing internal operational processes to prevent future incidents.

Why It Matters: Cybersecurity remains a major concern as digital payment platforms like PayPal handle vast amounts of personal and financial data. Breaches like this underscore the importance of strong security measures, regulatory oversight, and organizational accountability in protecting consumer information and building trust in financial services.

  • The Breach and Its Discovery: In December 2022, PayPal identified a spike in platform access attempts after an online message detailed how to exploit the company’s systems to retrieve Social Security numbers. The breach lasted approximately seven weeks, exposing sensitive data such as names, addresses, and birthdates.
  • Credential Stuffing Exploitation: Cybercriminals utilized credential stuffing techniques, using stolen login details to gain unauthorized access to user accounts. Vulnerabilities were linked to changes made to accommodate tax-related forms following the American Rescue Plan Act of 2022.
  • Regulatory Findings: New York DFS found PayPal lacked qualified cybersecurity staff and failed to implement preventive measures like multifactor authentication or CAPTCHA, which could have blocked unauthorized access attempts.
  • PayPal’s Response and Upgrades: After the breach, PayPal mandated MFA for U.S. customers, implemented CAPTCHA, and enforced password resets on affected accounts. The company also revised internal processes to strengthen oversight and risk management.
  • The Financial and Legal Consequences: PayPal agreed to pay a $2 million fine, which cannot be covered by insurance, and provided impacted customers with two years of free credit monitoring services through Equifax. Regulators commended PayPal for cooperating with the investigation and making meaningful changes.

Go Deeper -> PayPal penalized $2 million over data breach involving 35K Social Security numbers – The Record

PayPal fined by New York for cybersecurity failures – Reuters

New York State Fines PayPal for $2 Million Over 2022 Breach of Customer Accounts – MSSP Alert
