PayPal, one of the world’s largest online payment platforms, has admitted that a data breach in December 2022 compromised the personal and financial information of nearly 35,000 users.
The company began notifying affected users on January 19th, 2023, with a letter explaining that their accounts had been hacked between December 6th and 8th, 2022. The letter stated that the hackers may have accessed names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, bank account numbers, and PayPal account balances.
According to PayPal’s letter, the company was able to detect and mitigate the attack as soon as it occurred. Still, the internal investigation was not finished until December 20th. The letter also claimed that the login credentials used by the hackers were not obtained from PayPal’s network but did not provide any further details on how they were acquired.
PayPal apologized for the incident and offered affected users free credit monitoring and identity theft protection services. The company also advised users to change their passwords and monitor their accounts for suspicious activity.
PayPal Class Action Lawsuit over Data Breach
However, some users are unsatisfied with PayPal’s response and have filed a class action lawsuit against the company for negligence. The lawsuit alleges that PayPal failed to adequately safeguard its users’ personal information and violated various state and federal data privacy and security laws.
The class action seeks unspecified damages for breach of contract, breach of an implied warranty, negligence, invasion of privacy, and unfair business practices. It also demands that PayPal implement better security measures to prevent future data breaches.
The lead plaintiff in the case is John Doe (a pseudonym), a resident of California who claims that his PayPal account was hacked on December 7th. He says he received an email from PayPal on January 19th informing him of the data breach. He then checked his credit report and found several unauthorized inquiries from various companies.
He says he contacted PayPal’s customer service but could not get clear answers or assistance. He says he fears that his personal information may be used for identity theft or fraud.
Data breaches are becoming more frequent and severe in today’s digital world. They can expose millions of people to serious risks such as identity theft, financial loss, or reputational damage. According to a report by Risk Based Security, there were over 4 billion records exposed in data breaches worldwide in 2020 alone.
Data breaches can also erode consumer trust in online platforms and services. A survey by KPMG found that 75% of consumers would stop using a company if they experienced a data breach involving their personal information.
Companies must take data security seriously and invest in robust technologies and practices to protect their customers’ data. They must also be transparent and accountable when data breaches occur and provide timely notification and remediation to affected users.