- PayPal was fined $2 million for cybersecurity failures
- Fine from the New York State Department of Financial Services follows a 2022 data breach
- DFS says that PayPal failed to train workers properly on security practices
New York regulators issued a fine of $2 million to financial services giant PayPal over cybersecurity failures that exposed the personally identifiable information (PII) of tens of thousands of customers.
The breach, which occurred in December 2022, compromised Social Security numbers, email addresses and user names.
The fine, issued by the New York State Department of Financial Services (DFS), follows an investigation into gaps in cybersecurity practices in light of the breach. The DFS determined that PayPal had not used “qualified personnel” to manage key cybersecurity functions and did not provide adequate training to address cybersecurity risks.
Failure to follow the procedure
The investigation revealed that these failures enabled the 2022 breach, in which the hackers used a technique called “credential stuffing”, where attackers “stuff” in many credentials taken from elsewhere until one finally works.
Customer data was exposed after PayPal modified data flows in order to make IRS Form 1099-K available to more customers. The teams that implemented these changes had not been properly trained in PayPal's systems and application development processes.
For this reason, the DFS determined that employees did not follow the appropriate procedures when the modifications were made, allowing cybercriminals to exploit the compromised credentials to access the forms, which then compromised sensitive customer data.
“New York’s cybersecurity regulations establish an essential standard to protect consumers’ data and strengthen the resilience of financial institutions,” said Superintendent Adrienne A. Harris in a statement.
“Qualified cybersecurity personnel are the first line of defense against potential data breaches, and providing appropriate training and effectively implementing cybersecurity policies and procedures are vital steps to protect sensitive data and mitigate risks.”
Aside from the immediate danger of account access, the exposed personal information puts customers at risk of identity theft, so consult our recommendations for better protection against identity theft if you think you may be exposed.