PayPal’s $2M Blunder: New York’s Cybersecurity Wake-Up Call!

New York State slapped PayPal with a $2,000,000 settlement for a 2022 data breach. The breach exposed sensitive customer info due to PayPal’s failure to comply with cybersecurity regulations. The lack of multi-factor authentication and weak access controls made it a cybercriminal’s dream vacation spot.

3P
Published: January 25, 2025 8:43 pmAdded: January 25, 2025 at 1:01 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

In the latest episode of “Oops, We Did It Again,” PayPal learns that “password123” isn’t a cybersecurity strategy. The $2 million price tag? Consider it the cost of tuition at the School of Hard Knocks for ignoring New York’s cybersecurity regulations. Maybe next time they’ll remember that multi-factor authentication isn’t just a buzzword!

Key Points:

  • PayPal’s $2 million settlement with New York State over a 2022 cybersecurity breach.
  • Credential stuffing attack led to the exposure of sensitive customer information.
  • Key failure: Lack of mandatory multi-factor authentication.
  • Additional security lapses included poor access controls and untrained personnel.
  • Settlement requires PayPal to pay within 10 days; further action pending any new violations.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?