1. Forum
  2. FidoNet
  3. POLITICS

  • PayPal fined by New York

    From Mike Powell@1:2320/105 to All on Fri Jan 24 10:46:00 2025
    PayPal fined by New York for cybersecurity failures

    Date:
    Fri, 24 Jan 2025 13:12:00 +0000

    Description:
    PayPal fined $2 million by financial regulators for cybersecurity
    shortcomings.

    FULL STORY ======================================================================

    - PayPal has been fined $2 million for cybersecurity failures
    - New York State Department of Financial Services fine follows a 2022 data breach
    - DFS says PayPal failed to properly train workers on security practices

    Regulators in New York have issued a $2 million fine to financial service
    giant PayPal over cybersecurity failures which exposed personally
    identifiable information (PII) of tens of thousands of customers.

    The breach, which occurred in December of 2022 , compromised the social security numbers, email addresses, and names of users.

    The fine, given by the New York State Department of Financial Services (DFS), follows an investigation into shortcomings in cybersecurity practices in the run up to the breach. The DFS determined that PayPal failed to use qualified personnel to manage key cybersecurity functions, and didnt provide adequate training to address risks in cybersecurity.

    Failure to follow procedure

    The investigation found these failures enabled the 2022 breach, in which hackers used a technique called credential stuffing - where attackers stuff login pages with numerous credentials taken from elsewhere until one
    eventually works.

    The customer data was exposed after PayPal made changes to data flows in
    order to make IRS Form 1099-ks available to more customers. When doing this, the teams implementing the changes werent properly trained in PayPals systems and application development processes.

    Because of this, DFS determined that employees failed to follow proper procedures as the changes were made, allowing cybercriminals to exploit
    exposed credentials to access the forms, which then compromised sensitive customer data.

    New Yorks nation-leading cybersecurity regulation sets a critical standard
    for safeguarding consumer data and strengthening the resilience of financial institutions, said Superintendent Adrienne A.Harris in a statement .

    Qualified cybersecurity personnel are the first line of defense against potential data breaches, and providing proper training and effectively implementing cybersecurity policies and procedures are vital steps to protecting sensitive data and mitigating risks.

    Aside from the immediate danger of account access, exposed personal
    information puts customers at risk of identity theft.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/paypal-fined-by-new-york-for-cybersecur ity-failures

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)