Last January, PayPal reportedly suffered a data breach incident that exposed the personal and financial data of about 35,000 users to threat actors. This time, the digital wallet firm faces a proposed class action following the security incident filed by complainants pointing out the company’s negligence.
The digital wallet firm notified its customers last month about detecting malicious activities in their systems from unidentified threat actors between December 6 and 8, 2022. During the investigation that was completed on December 20, the threat actors had accessed user accounts via credential stuffing.
However, PayPal denied that the credentials the hackers used to log in to the user accounts came from their databases. This refutation, though, was not enough for the plaintiffs Ashley Pillard and Destiny Rucker not to file a case against the company for failing to implement basic security measures to ensure users’ data is safe from hackers.
The PayPal data breach exposed thousands of users’ sensitive data to hackers.
Based on reports, the PayPal data breach allowed hackers to access users’ information, such as full names, residential addresses, Social Security numbers, dates of birth, and tax identification numbers. The plaintiffs argued that the digital wallet firm had failed to comply with the Federal Trade Commission’s (FTC) industry data protection standards and guidelines.
The case against PayPal was filed last March 2 in the US District Court for the Northern District of California. According to researchers, the lawsuit can stand for the thousands of individuals impacted by the PayPal breach should it proceed as a class action.
With a user base reaching over 400 million worldwide, the recent PayPal security incident could affect its reputation among its targeted market and could potentially lead to a negative impact on its performance in the digital wallet sector.
People could also begin doubting the company’s data security measures, especially how the recent incident displayed the company’s mishandling of critical user information.
While PayPal now takes appropriate steps to mitigate the incident and comply with the legal actions, all affected users must still observe suspicious activities surrounding hackers abusing their exposed data. Enabling two-factor authentication (2FA) and changing passwords to stronger ones are highly recommended.
