Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

PayPal agrees to pay $2 million to settle for this data breach – ET CISO

PayPal has agreed to pay a $2 million fine to New York State for failing to comply with the state's cybersecurity regulations. Those failures led to a data breach in 2022 that exposed the personal information of 35,000 customers. The New York Department of Financial Services (DFS) found that PayPal's security lapses allowed hackers to conduct credential stuffing attacks, gaining unauthorised access to sensitive customer data. In 2023, PayPal disclosed the breach and revealed that it had occurred in December 2022. The exposed data included full names, dates of birth, postal addresses, Social Security numbers, and individual tax identification numbers of PayPal customers.

What DFS said about the PayPal breach

New York’s DFS announcement also provided further details about the breach, highlighting that one of PayPal’s security issues stemmed from a mistake in distributing Form 1099-K tax forms on the platform.

“Customer data was exposed after PayPal implemented changes to existing data flows to make IRS Form 1099-Ks available to more of its customers. However, the teams tasked with implementing these changes were not trained on PayPal’s systems and application development processes. As a result, they failed to follow proper procedures before the changes went live,” DFS explained.

How hackers breached PayPal data

Because of the faulty implementation, cybercriminals who held valid PayPal account credentials were able to log in to those accounts and retrieve the associated 1099-K forms, exposing the sensitive information printed on them.

The success of these “credential stuffing” attacks was largely attributed to the absence of mandatory multi-factor authentication (MFA) on the platform at the time. Weak access controls, including the lack of CAPTCHA or rate limiting for automated login attempts, further compounded PayPal’s compliance failures.

The consent order cites violations of the New York Cybersecurity Regulation relating to inadequate cybersecurity policies, employee training, and authentication controls.

Although PayPal later implemented remediation measures, such as masking sensitive data on IRS forms, adding CAPTCHA and rate limiting, and mandating MFA for US customers, these actions came too late, according to the DFS.
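The three controls named above (rate limiting of login attempts, detection of credential stuffing, and masking of tax identifiers on forms) can be illustrated with a small script. The following Python is an added example for this article, not PayPal's code and not taken from the DFS consent order; the authentication log format, the IP addresses, the usernames and the thresholds are all constructed for illustration.

```python
"""Credential-stuffing detection, login rate limiting and identifier masking,
replayed over a constructed authentication log. Added illustration only; log
format, sample values and thresholds are assumptions, not PayPal's systems."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source_ip> <username> <result>".
# 203.0.113.5 tries many different usernames in a few seconds (stuffing pattern);
# 198.51.100.7 is one user who mistypes once and then succeeds.
SAMPLE_LOG = """\
2022-12-06T10:00:01 203.0.113.5 alice FAIL
2022-12-06T10:00:02 203.0.113.5 bob FAIL
2022-12-06T10:00:03 203.0.113.5 carol FAIL
2022-12-06T10:00:04 203.0.113.5 dave SUCCESS
2022-12-06T10:00:05 203.0.113.5 erin FAIL
2022-12-06T10:00:06 203.0.113.5 frank FAIL
2022-12-06T10:00:07 203.0.113.5 grace FAIL
2022-12-06T10:00:08 203.0.113.5 heidi FAIL
2022-12-06T10:00:09 203.0.113.5 ivan FAIL
2022-12-06T10:00:10 203.0.113.5 judy FAIL
2022-12-06T10:00:11 203.0.113.5 mallory FAIL
2022-12-06T10:00:12 203.0.113.5 niaj SUCCESS
2022-12-06T10:05:00 198.51.100.7 alice FAIL
2022-12-06T10:05:30 198.51.100.7 alice SUCCESS
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


class LoginRateLimiter:
    """Sliding-window limiter: at most `limit` attempts per key within `window`.
    Keyed by source IP here; a real deployment would also key by account."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = timedelta(seconds=window_seconds)
        self.attempts = defaultdict(deque)

    def allow(self, key, now):
        q = self.attempts[key]
        while q and now - q[0] >= self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def apply_rate_limit(events, limit=5, window_seconds=60):
    """Replay the log through a per-IP limiter; return how many attempts it blocks."""
    limiter = LoginRateLimiter(limit, window_seconds)
    return sum(1 for ts, ip, _, _ in events if not limiter.allow(ip, ts))


def detect_credential_stuffing(events, window_seconds=60,
                               min_distinct_users=5, min_fail_ratio=0.5):
    """Flag source IPs that, within a sliding window, try many distinct usernames
    with a high failure ratio. One user retrying a password is not flagged."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            in_window = attempts[start:end + 1]
            users = {u for _, u, _ in in_window}
            fails = sum(1 for _, _, r in in_window if r == "FAIL")
            if len(users) >= min_distinct_users and fails / len(in_window) >= min_fail_ratio:
                flagged[ip] = {"distinct_users": len(users),
                               "attempts": len(in_window), "failures": fails}
                break   # record the first window that trips the rule
    return flagged


def mask_tin(tin):
    """Mask all but the last four digits of an SSN/ITIN before it is rendered on a form."""
    digits = "".join(c for c in tin if c.isdigit())
    if len(digits) != 9:
        raise ValueError("expected a 9-digit SSN/ITIN")
    return "***-**-" + digits[-4:]


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("flagged sources:", detect_credential_stuffing(ev))
    print("attempts a 5/min per-IP limit would block:", apply_rate_limit(ev))
    print("masked TIN:", mask_tin("123-45-6789"))
```

The detector looks for the combination that distinguishes credential stuffing from an ordinary user locking themselves out: many different usernames from one source in a short window, most of them failing. The rate limiter shows why the control matters on its own: even without detection, a per-IP cap of five attempts per minute would have refused most of the stuffing attempts in the sample, and the masking function shows the form-level mitigation that limits what a successful login can reveal.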

Under the settlement, PayPal must pay a $2 million fine within 10 days, with no further action unless additional violations are uncovered by DFS.

Published on Jan 28, 2025 at 10:44 AM IST

