Posted On January 20, 2023 Consumer Privacy & Data Breaches
January 20, 2023 – PayPal, Inc. filed a notice of data breach with the Attorney General of Maine on January 18, 2023 after discovering that consumer information had been leaked to an unauthorized party in a credential stuffing attack. According to the filing, information accessed included consumers’ first and last names, Social Security numbers, addresses, dates of birth, and individual tax identification numbers. Once PayPal confirmed the data breach, the company sent notification letters to all 34,942 victims of the breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the breach at PayPal, Inc. As a victim of the breach, you need to know your options. We are offering free consultations to all individuals who were affected by the leak so we can help you figure out your next steps and let you know whether you are able to pursue a data breach lawsuit against PayPal. If you recently received a NOTICE OF DATA BREACH from PayPal, Inc., contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
PayPal, Inc. provides digital payment services to markets all over the world, allowing money transfers in 25 currencies. Originally founded in 1998 and based in San Jose, California as part of eBay, PayPal, Inc. has been an independent entity since 2015 and now has 426 million active users, employs over 30,000 people, and pulls in about $25 billion in revenue annually.
According to filings with the Attorney General of Maine, PayPal became aware of the breach on December 20, 2022 when the company discovered that an unauthorized party was able to gain access to various users’ accounts using their login information. As a result, PayPal launched an investigation into the attack and discovered the breach occurred sometime between December 6, 2022 and December 8, 2022.
During the course of the investigation, it was discovered that consumer information had been accessed, and the affected information included consumers’ first and last names, Social Security numbers, addresses, dates of birth, and individual tax identification numbers. PayPal also learned that the customers’ personal information had been made available to the hackers.
On January 18, 2023, PayPal sent out data breach notification letters to all individuals who were affected by the leak.
Often, people use the same usernames and passwords as their login information for many sites. Credential stuffing is a commonly used technique in which hackers obtain your credentials and automatically submit them to several, sometimes hundreds of, sites to see whether the same login information was used to create accounts on those sites. That way, hackers gain access to your other accounts and can collect different types of your information. This allows hackers to better use your information in their criminal activities, often leading to identity theft and fraudulent activity.
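From the defending site's side, credential stuffing leaves a recognizable trace in login logs: one source tries many different usernames, most attempts fail, and a few succeed. The following is an added example, not part of the original post and not PayPal's detection method; the log format, the thresholds and the function names `parse` and `find_stuffing` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2023-01-01T10:00:01 203.0.113.7 alice@example.com FAIL
2023-01-01T10:00:02 203.0.113.7 bob@example.com FAIL
2023-01-01T10:00:03 203.0.113.7 carol@example.com OK
2023-01-01T10:00:04 203.0.113.7 dave@example.com FAIL
2023-01-01T10:00:05 203.0.113.7 erin@example.com FAIL
2023-01-01T10:00:06 203.0.113.7 frank@example.com FAIL
2023-01-01T10:01:00 198.51.100.20 alice@example.com FAIL
2023-01-01T10:01:09 198.51.100.20 alice@example.com OK
2023-01-01T10:02:00 198.51.100.33 bob@example.com FAIL
2023-01-01T10:02:01 198.51.100.33 bob@example.com FAIL
2023-01-01T10:02:02 198.51.100.33 bob@example.com FAIL
"""

def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)

def find_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail=0.8):
    """Map each flagged source IP to the accounts it logged in to successfully."""
    # Flag a source if any sliding window holds >= min_users distinct usernames
    # with a failure ratio >= min_fail (assumed thresholds, tune per site).
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(not e[3] for e in win)
            if len(users) >= min_users and fails / len(win) >= min_fail:
                # Every account this source got into is a password-reset candidate.
                flagged[ip] = sorted({e[2] for e in evs if e[3]})
                break
    return flagged

if __name__ == "__main__":
    print(find_stuffing(parse(SAMPLE_LOG)))
```

In the sample, the source that repeatedly tries one username and the user who mistypes a password once are not flagged; only the source spraying many usernames is, and the single account it entered is returned for a forced password reset.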
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the PayPal, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent out to affected individuals:
Protecting the security of our customers’ information is very important to us. We are writing to inform you about an incident that may have impacted your PayPal account. We want to make clear at the outset that keeping your personal data safe and secure is and will continue to be a priority moving forward.
On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account. There is also no evidence that your login credentials were obtained from any PayPal systems.
Based on PayPal’s investigation to date, we believe that this unauthorized activity occurred between December 6, 2022, and December 8, 2022, when we eliminated access for unauthorized third parties.
During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users.
We have not delayed this notification as a result of any law enforcement investigation.
WHAT INFORMATION WAS INVOLVED?
The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.
WHAT WE ARE DOING
Upon learning about this unauthorized activity, we promptly began an investigation and took action to address this incident, including by taking steps to prevent unauthorized actors from obtaining further personal information. We reset the passwords of the affected PayPal accounts and implemented enhanced security controls that will require you to establish a new password the next time you log in to your account.
We have also secured the services of Equifax to provide identity monitoring services at no cost to you for two years. Below please find information on signing up for a complimentary membership to Equifax’s identity monitoring services, including key product features.
FOR MORE INFORMATION
We take our responsibility to protect your information extremely seriously, and we sincerely regret any inconvenience that this matter has caused you.