Summary: New York State has reached a $2 million settlement with PayPal due to its failure to comply with cybersecurity regulations, which resulted in a significant data breach in 2022. The breach was attributed to security gaps that allowed credential stuffing attacks, compromising sensitive customer information. Following the incident, PayPal has implemented several security measures, but the settlement emphasizes the importance of adhering to cybersecurity protocols.
Threat Actor: Cybercriminals | cybercriminals
Victim: PayPal Customers | PayPal customers
Keypoints :
- PayPal faced a $2 million settlement due to a 2022 data breach resulting from inadequate cybersecurity measures.
- The breach involved credential stuffing attacks that compromised 35,000 accounts, exposing sensitive information such as social security numbers.
- New York’s DFS highlighted multiple compliance failures, including lack of multi-factor authentication and improper training of personnel.