In December 2022, PayPal announced a data breach, but it claimed that the login credentials used in the attack were not obtained from its network.
Online payment giant PayPal is in hot water once again, this time over a data breach that exposed the personal and financial information of almost 35,000 individuals. A proposed class action filed by plaintiffs Ashley Pillard and Destiny Rucker alleges that the company’s negligence was to blame for the December 2022 incident.
It is worth noting that, as reported by Hackread.com, on January 19th, 2023, PayPal began contacting nearly 35,000 users with a data breach notification, explaining that their accounts had been hacked between December 6th and 8th, 2022.
While PayPal was quick to identify and contain the breach as soon as it happened, the investigation took nearly two weeks to complete. During this time, the company confirmed that the hackers had gained access to the user accounts using valid credentials, although they denied that this was a result of a breach in their systems.
According to PayPal, there was no evidence to suggest that the user credentials were obtained directly from them, but the company is taking all necessary steps to ensure the safety and security of its users’ accounts. The affected users were been advised to reset their passwords and enable two-factor authentication (2FA) as a precautionary measure.
According to the complaint, PayPal failed to implement basic security measures or comply with industry data protection standards and guidelines set forth by the Federal Trade Commission. As a result, sensitive information including names, addresses, Social Security numbers, tax identification numbers, and dates of birth were all exposed.
As per Bloomberg’s report, the lawsuit was filed in the US District Court for the Northern District of California on Thursday. If the case proceeds as a class action, it could potentially represent thousands of affected individuals seeking damages from PayPal.
In 2022, PayPal reportedly had a user base of 435 million, which includes users who have made at least one transaction during the year. The online payment giant has been experiencing a steady increase in its user base, with more and more people relying on its services for digital transactions.
However, with this new lawsuit, the company is once again under scrutiny for its handling of sensitive data and failure to protect its users’ privacy.