PayPal has agreed to pay a $2 million fine imposed by New York State's Department of Financial Services (DFS) following an investigation that revealed significant cybersecurity vulnerabilities, which led to the exposure of sensitive customer information. This data breach has also impacted Nigerian users who rely on the platform for international payment transactions.
The DFS determined that PayPal's inadequate management of its cybersecurity framework enabled the exposure of customers' names, dates of birth, and Social Security numbers to cybercriminals for a duration of nearly seven weeks. The breach was attributed to the company's failure to implement sufficient security controls, allowing unauthorized access to sensitive personal data.
The breach first came to light on December 6, 2022, when a security analyst identified an online message indicating a vulnerability associated with Social Security numbers. Subsequently, PayPal's cybersecurity team observed an unusual increase in access attempts, which indicated that attackers were employing "credential stuffing" tactics to infiltrate customer accounts.
The investigation further uncovered that PayPal had not established proper cybersecurity protocols. According to the DFS, the company had "not utilized qualified personnel for critical cybersecurity roles" and "had not provided adequate training" to manage associated risks. Furthermore, PayPal failed to implement multifactor authentication and other protective measures, such as CAPTCHA, leaving customer accounts more susceptible to attack.
In response to these findings, PayPal has committed to enhancing its security infrastructure. The company has implemented mandatory multifactor authentication for all U.S. accounts, enforced password resets for affected users, and introduced CAPTCHA as an additional layer of security. These measures aim to bolster account protection and prevent future cybersecurity breaches.
Play audio
Comments
Add your comment
Categories
Startup Raises
255
Feature
77
Fintech
32
Fresh News
665
How To
75
Acquisition
36
Reports
18
Opinion
42
Recent Posts
Meta Rolls Out New Facebook Measures to Suppress Spam and Support Real Creators
Meta has announced a series of new measures aime...
Provisioning-on-Demand Software Can Radically Reduce Wastage for MNOs
By Craig Palmer, Chief Executive Officer at VAS-...
Logidoo Opens Global Trade Channels for African Businesses with Groupage Shipping
Logidoo, the pan-African logistics platform, has a...
Lagos Turns Up for PUBG MOBILE Community Event with 1,000+ Attendees
On March 28, 2025, Lagos transformed into the ulti...
How to Leverage Emerging Technologies for Startup Growth
In today’s rapidly evolving business landscape, em...
Related Post
Logidoo Opens Global Trade Channels for African Businesses with Groupage Shipping
Logidoo, the pan-African logistics platform, has announced an important pivot to...
Lagos Turns Up for PUBG MOBILE Community Event with 1,000+ Attendees
On March 28, 2025, Lagos transformed into the ultimate gaming destination as PUB...
From Waste to Worth: LG Inspires Eco-Action with Hinckley Recycling Partnership
In a commendable initiative coinciding with Earth Day 2025, LG Electronics has...
No comments