Online payment giant PayPal is facing a class-action lawsuit over a data breach that exposed the personal and financial information of almost 35,000 users.
The lawsuit alleges that PayPal was negligent and failed to implement basic security measures or comply with industry data protection standards. The affected users were advised to reset their passwords and enable two-factor authentication (2FA) as a precautionary measure.
Although PayPal quickly identified and contained the breach, the investigation took nearly two weeks to complete. During this time, the company confirmed that the hackers had gained access to the user accounts using valid credentials, although they denied that this was a result of a breach in their systems. According to PayPal, there was no evidence to suggest that the user credentials were obtained directly from them.
The lawsuit was filed in the US District Court for the Northern District of California and could potentially represent thousands of affected individuals seeking damages from PayPal, which had a reported user base of 435 million in 2022.
The company has been experiencing a steady increase in its user base, with more and more people relying on its services for digital transactions.
This is not the first time PayPal has faced legal action over a data breach. In 2020, the company settled a lawsuit filed by the US Securities and Exchange Commission (SEC) over allegations that it violated the agency’s security breach notification rule.
PayPal agreed to pay $450,000 in civil penalties to settle the case, which was the SEC’s first enforcement action against a company for violations of the breach notification rule.
