Logo Logo
Sign Up Log In

PayPal Fined $2 Million for Cybersecurity Failures

20 Feb 2025

20-Feb-2025
Fresh News
Staff Writer
PayPal Fined $2 Million for Cybersecurity Failures 4 months ago

PayPal has agreed to pay a $2 million fine imposed by New York State's Department of Financial Services (DFS) following an investigation that revealed significant cybersecurity vulnerabilities, which led to the exposure of sensitive customer information. This data breach has also impacted Nigerian users who rely on the platform for international payment transactions.

The DFS determined that PayPal's inadequate management of its cybersecurity framework enabled the exposure of customers' names, dates of birth, and Social Security numbers to cybercriminals for a duration of nearly seven weeks. The breach was attributed to the company's failure to implement sufficient security controls, allowing unauthorized access to sensitive personal data.

The breach first came to light on December 6, 2022, when a security analyst identified an online message indicating a vulnerability associated with Social Security numbers. Subsequently, PayPal's cybersecurity team observed an unusual increase in access attempts, which indicated that attackers were employing "credential stuffing" tactics to infiltrate customer accounts.

The investigation further uncovered that PayPal had not established proper cybersecurity protocols. According to the DFS, the company had "not utilized qualified personnel for critical cybersecurity roles" and "had not provided adequate training" to manage associated risks. Furthermore, PayPal failed to implement multifactor authentication and other protective measures, such as CAPTCHA, leaving customer accounts more susceptible to attack.

In response to these findings, PayPal has committed to enhancing its security infrastructure. The company has implemented mandatory multifactor authentication for all U.S. accounts, enforced password resets for affected users, and introduced CAPTCHA as an additional layer of security. These measures aim to bolster account protection and prevent future cybersecurity breaches.

Play audio

Share:

Comments

No comments

Add your comment

Search Blog

Categories

Startup Raises
262
Feature
83
Fintech
39
Fresh News
705
How To
85
Industry Insights
265
Call for Application
84
Acquisition
39
Reports
23
Opinion
57

Recent Posts

Experts Advocate for AI and Data-Driven Strategies to Accelerate Business Growth The Nigerian Marketing Research Association (NiMRA...
Paga Launches Doroki to Scale Up Business Owners’ Operations Paga Group has announced the launch of Doroki, an...
SEC Nigeria Flags ZugaCoin and SamZuga GPT as Unregistered Meme Coins The Securities and Exchange Commission (SEC) Niger...
MarkHack 4.0: A Showcase of Innovation and Insights On March 23, 2025, industry leaders, marketers, a...
How to Successfully Transition from a Startup to a Scale-Up Proven Strategies for Navigating the Growth Curve...

Related Post
Paga Launches Doroki to Scale Up Business Owners’ Operations
Paga Group has announced the launch of Doroki, an innovative, cloud-based softwa...
SEC Nigeria Flags ZugaCoin and SamZuga GPT as Unregistered Meme Coins
The Securities and Exchange Commission (SEC) Nigeria has issued a warning to inv...
Olatunbosun Alake Honoured at Tech Impact Awards 2025
Olatunbosun Alake, Honourable Commissioner for Innovation, Science and Technol...
Logo

Accelerating the growth of Africa's tech ecosystem

Solutions

Blog Startups Investors Hubs Contact About Us

Stay Connected

Facebook Twitter Instagram Linkedin Youtube
Copyright © 2024