PayPal has agreed to pay a $2 million fine imposed by New York State's Department of Financial Services (DFS) following an investigation that revealed significant cybersecurity vulnerabilities, which led to the exposure of sensitive customer information. This data breach has also impacted Nigerian users who rely on the platform for international payment transactions.
The DFS determined that PayPal's inadequate management of its cybersecurity framework enabled the exposure of customers' names, dates of birth, and Social Security numbers to cybercriminals for a duration of nearly seven weeks. The breach was attributed to the company's failure to implement sufficient security controls, allowing unauthorized access to sensitive personal data.
The breach first came to light on December 6, 2022, when a security analyst identified an online message indicating a vulnerability associated with Social Security numbers. Subsequently, PayPal's cybersecurity team observed an unusual increase in access attempts, which indicated that attackers were employing "credential stuffing" tactics to infiltrate customer accounts.
The investigation further uncovered that PayPal had not established proper cybersecurity protocols. According to the DFS, the company had "not utilized qualified personnel for critical cybersecurity roles" and "had not provided adequate training" to manage associated risks. Furthermore, PayPal failed to implement multifactor authentication and other protective measures, such as CAPTCHA, leaving customer accounts more susceptible to attack.
In response to these findings, PayPal has committed to enhancing its security infrastructure. The company has implemented mandatory multifactor authentication for all U.S. accounts, enforced password resets for affected users, and introduced CAPTCHA as an additional layer of security. These measures aim to bolster account protection and prevent future cybersecurity breaches.
Play audio
Comments
Add your comment
Categories
Startup Raises
262
Feature
82
Fintech
38
Fresh News
693
How To
84
Acquisition
39
Reports
22
Opinion
56
Recent Posts
Each ChatGPT Query Uses 0.34 Watt-Hours of Electricity and a Drop of Water
Sam Altman, CEO of OpenAI, has shed light on the e...
MyNextCar Lands $10 Million to Expand Bolt’s Budget Ride-Hailing Fleet in South Africa
South African vehicle leasing company MyNextCar (M...
Why Most Nigerian MSMEs Don’t Survive 5 Years — And What Can Be Done About It
Segun AsegunIn Nigeria, over 80 percent of micro,...
How To Build Your Own Generative AI Toolkit To Stay Ahead At Work
If you are waiting for your company
to adopt AI,...
SA Agritech Startup Nile Secures $11.3 Million to Expand Digital Trading for Farmers
South African agritech innovator Nile has announce...
Related Post
Meta Plans to invest $10bn in Scale AI
Meta Platforms Inc. is set to make a major move in the artificial intelligence s...
New U.S.-Nigeria Trade Deal Could Accelerate Investment in Nigerian Startups
A new trade agreement between the United States and Nigeria could serve as a cat...
Tech Firm Gains Global Certifications to Boost Nigeria’s IT Ecosystem
OdumareTech, a fast-growing Nigerian technology training company, has achieved a...
No comments