• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Monday, July 13, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Business

PayPal Fined $2 Million for Cybersecurity Failures Exposing Customer Data

by Harikrishnan A
January 26, 2025
in Business, Markets, News, Tech, Trending, World
Reading Time: 3 mins read
0
PayPal Fined $2 Million for Cybersecurity Failures Exposing Customer Data
TwitterWhatsappLinkedin

PayPal has been slapped with a $2 million fine by New York regulators after a significant cybersecurity failure exposed the personal data of thousands of its customers. The fine, handed down by the New York State Department of Financial Services (DFS), highlights the increasing importance of strong cybersecurity practices in protecting sensitive financial information.

You might also like

Sony Execs Offload Shares Following Physical Disc Exit Announcement

New Sodium Battery Charges in 4 Minutes and Lasts for Years

New Cars Are Sitting on Dealer Lots the Longest, Giving Buyers the Upper Hand

The Cybersecurity Breach
In December 2022, a major breach compromised the personal details of PayPal users, including their Social Security numbers, email addresses, and full names. PayPal’s internal security team first became aware of the problem on December 6 when a security analyst came across a suspicious message online that mentioned “PP EXPLOIT TO GET SSN.” The next day, an unusual spike in access attempts to the platform raised alarms, revealing that cybercriminals were using a tactic known as “credential stuffing” to gain unauthorized access to users’ accounts.

Credential stuffing is a method where attackers use stolen usernames and passwords from previous data breaches to try logging into multiple platforms. In PayPal’s case, this tactic allowed hackers to view sensitive tax forms, including IRS Form 1099-K, of thousands of users. The breach lasted for about seven weeks before the company contained it.

Failures in Cybersecurity Practices
An investigation by the DFS found significant gaps in PayPal’s cybersecurity measures, which ultimately allowed the breach to occur. Several key issues were identified:

  • Inexperienced Cybersecurity Staff: PayPal failed to employ sufficiently qualified personnel to manage its cybersecurity systems.
  • Lack of Adequate Training: Employees who implemented system updates were not properly trained on the company’s security protocols.
  • Insufficient Security Measures: PayPal did not require multifactor authentication (MFA) or other security features, such as CAPTCHA, to block unauthorized access to accounts.

Adrienne Harris, New York’s financial services superintendent, stressed that properly trained cybersecurity staff are vital to preventing such incidents, adding, “It’s essential that financial institutions have the right expertise and follow robust procedures to protect sensitive data.”

The Root Cause of the Breach
The breach was linked to a change PayPal made to its system, allowing more customers to access their 1099-K tax forms. DFS investigators found that the staff involved in implementing these changes did not follow the necessary cybersecurity guidelines, leading to vulnerabilities that hackers could exploit. These lapses allowed cybercriminals to use stolen credentials to gain access to the sensitive data.

PayPal’s Response
In response to the breach and the fine, PayPal has taken corrective steps to strengthen its cybersecurity measures. The company has:

  • Implemented mandatory multifactor authentication for all U.S. accounts.
  • Forced password resets for the affected accounts.
  • Introduced CAPTCHA to enhance its online security.

In a statement, PayPal reaffirmed its commitment to user safety, saying, “Protecting our customers’ personal information is a top priority, and we take our responsibility to comply with regulations very seriously.”

The Regulatory Penalty
The $2 million fine comes as a consequence of PayPal’s failure to comply with New York’s stringent cybersecurity regulations, which have been in place since 2017. Harris noted that the breach was preventable, pointing out that PayPal’s inadequate risk management contributed significantly to the vulnerability that allowed hackers to exploit the system.

Impact on Customers
The exposure of personal information like Social Security numbers and email addresses poses a major risk of identity theft and fraud for those affected. As a precaution, customers are urged to monitor their financial accounts closely and consider signing up for identity theft protection services to safeguard their data.

Superintendent Harris emphasized that the incident highlights the critical need for financial institutions to adhere to established cybersecurity standards. She stressed, “The right training, skilled personnel, and effective cybersecurity measures are essential to minimizing risks and protecting consumers.”

Tags: #DFSNew YorkPaypal
Tweet56SendShare16
Previous Post

German Authorities Investigate Nazi Imagery Projected on Tesla Gigafactory

Next Post

Oracle and Microsoft in Talks to Acquire TikTok’s Global Operations

Harikrishnan A

Aspiring writer. Enjoys gaming, fried chicken and iced tea, preferably all together.

Recommended For You

Sony Execs Offload Shares Following Physical Disc Exit Announcement

by Sneha Singh
July 13, 2026
0
Sony Execs Offload Shares Following Physical Disc Exit Announcement

The choice of Sony to withdraw from the physical games industry has become one of the major debates in the field. In fact, the corporation has just announced...

Read more

New Sodium Battery Charges in 4 Minutes and Lasts for Years

by Sneha Singh
July 13, 2026
0
New Sodium Battery Charges in 4 Minutes and Lasts for Years

Chinese scientists have come up with a revolutionary sodium metal battery (SMB), which will provide a boost to the way electric vehicles and other electronic devices get powered...

Read more

New Cars Are Sitting on Dealer Lots the Longest, Giving Buyers the Upper Hand

by Samir Gautam
July 12, 2026
0
Slowest Selling New Cars in 2026 Offer Bigger Discounts

For much of the past few years, buying a new car meant paying close to the sticker price, dealing with limited inventory, and waiting months for delivery. But...

Read more
Next Post
TikTok Challenges U.S. Law, Calling Attention to Other Chinese Firms Like Temu and Shein

Oracle and Microsoft in Talks to Acquire TikTok’s Global Operations

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?