PayPal's cyber security lapses earn it a $3.8m fine

A lapse in cyber security that led to personal data being exposed has earned PayPal a multimillion-dollar fine.

Daniel Croft
Fri, 24 Jan 2025

The digital wallet and online payment system will pay a fine of US$2 million (roughly A$3.8 million) after the company left the names, birth dates, and Social Security numbers of its customers exposed and accessible to cyber criminals for almost two months in late 2022.

The New York Department of Financial Services alleged that the company failed to use qualified personnel and provide adequate training to manage its cyber security.

“Customer data was exposed after PayPal implemented changes to existing data flows to make IRS Form 1099-Ks available to more of its customers,” said a New York Department of Financial Services press release.

“However, the teams tasked with implementing these changes were not trained on PayPal’s systems and application development processes. As a result, they failed to follow proper procedures before the changes went live.

“This allowed cyber criminals to leverage compromised credentials to access Form 1099-Ks, which included sensitive customer data, including SSNs.”

PayPal has reportedly been cooperative with the department’s investigation and maintains that protecting its customers is of utmost importance.

“After self-reporting and disclosing this issue, we worked closely with the New York Department of Financial Services to resolve this matter, which occurred in December 2022,” said PayPal in a statement.

“Protecting consumers’ personal information and maintaining a secure platform is a top priority for us, and we take our regulatory responsibilities seriously.”

The Department of Financial Services said PayPal has made changes and resolved its cyber security issues.

“Qualified cyber security personnel are the first line of defence against potential data breaches, and providing proper training and effectively implementing cyber security policies and procedures are vital steps to protecting sensitive data and mitigating risks,” said Superintendent Adrienne A. Harris.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.