PayPal Settles for $2 Million Over 2022 Data Breach
🔐 New York State fines PayPal $2 million for cybersecurity failures linked to 2022 data breach. The settlement follows a Department of Financial Services (DFS) investigation revealing that PayPal’s inadequate cybersecurity measures allowed a credential stuffing attack in December 2022, compromising 35,000 accounts and exposing sensitive customer data, including Social Security numbers. The DFS identified key compliance failures, such as the lack of multi-factor authentication and insufficient training for staff implementing changes to data flows. Although PayPal has since enhanced its security protocols, including mandatory MFA and improved access controls, the DFS deemed these actions insufficient to prevent the breach. PayPal is required to pay the settlement within 10 days, with no further penalties unless new violations are found.
