Summary: PayPal has agreed to pay a $2 million penalty following a cybersecurity incident in December 2022 that exposed thousands of Social Security numbers. The breach was attributed to a credential stuffing attack, which exploited vulnerabilities in the company’s platform due to recent changes. New York regulators emphasized the importance of qualified cybersecurity personnel and proper training to prevent such incidents in the future.
Threat Actor: Credential Stuffers | credential stuffers
Victim: PayPal Customers | PayPal customers
Keypoints :
- PayPal faced a $2 million penalty for failing to protect sensitive customer data during a December 2022 breach.
- The breach affected nearly 35,000 customers, exposing personal information including Social Security numbers.
- Regulators highlighted the need for qualified cybersecurity personnel and proper training to mitigate risks.
Source: https://therecord.media/paypal-penalty-millions-data-breach