PayPal, Inc. Announces Data Breach Following Apparent Credential-Stuffing Attack

Console and Associates, P.C.

On January 18, 2023, PayPal, Inc. filed notice of a data breach with the Maine Attorney General’s Office after learning that confidential consumer information was compromised following what appears to have been a credential-stuffing attack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, Social Security numbers, individual tax identification numbers, and dates of birth. After confirming that consumer data was leaked, PayPal began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

PayPal is known worldwide, and over the past two decades, has become a trusted name in online payment services. As a result, when you signed up for PayPal, you trusted that the company would keep your information secure. However, news of the recent PayPal data breach may raise questions about the company’s data security practices. As we’ve discussed in prior posts, corporations that store consumer information take on a legal duty to protect that information. And, when a company fails to provide the necessary protections, it might be liable through a data breach lawsuit.

What We Know So Far About the PayPal Breach

The available information regarding the PayPal breach comes from the company’s filing with the Attorney General of Maine. According to this source, on December 20, 2022, PayPal learned that one or more unauthorized parties were able to access certain customers’ accounts by using their login credentials. In response, PayPal launched an investigation into the incident, confirming that the unauthorized parties were able to access the affected accounts between December 6, 2022 and December 8, 2022. PayPal also learned that during this time, the unauthorized parties were able to view, and potentially steal, personal information belonging to some PayPal users.

Upon discovering that sensitive consumer data was made available to an unauthorized party, PayPal began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, individual tax identification number, and date of birth.

On January 18, 2023, PayPal sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About PayPal, Inc.

Founded in 1998, PayPal, Inc. is a digital payment company based in San Jose, California. PayPal has more than 426 million active users in 202 markets across the world and allows users to transfer money in 25 different currencies. Formerly a part of eBay, as of 2015, PayPal is publicly traded on the NASDAQ stock exchange, under the ticker symbol “PYPL.” PayPal employs more than 30,000 people and generates approximately $25 billion in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide