<
p style=”text-align: justify;”>
PayPal has been fined $2 million by the New York State Department of Financial Services (DFS) for failing to protect customer data, resulting in a significant security breach. The incident, which occurred in December 2022, exposed sensitive information, including social security numbers, names, and email addresses of thousands of users. This breach has raised serious concerns about PayPal’s cybersecurity practices and its ability to safeguard customer data.
How Did the Breach Happen?
The breach occurred during an update to PayPal’s system to grant access to IRS Form 1099-Ks, which is used to report income. The employees responsible for implementing these changes lacked proper cybersecurity training, leaving the system vulnerable to exploitation. Cybercriminals used a technique called credential stuffing, where stolen login credentials from previous breaches are tested on other platforms. Since many users reuse passwords across multiple sites, this method often succeeds.
Due to these security flaws, hackers gained access to sensitive customer data, putting affected users at risk of identity theft, financial fraud, and phishing scams. The breach highlights the critical importance of robust cybersecurity measures and well-trained personnel.
Following an investigation, DFS concluded that PayPal lacked qualified cybersecurity personnel and failed to provide adequate training to its
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.