PayPal was found to have been negligent in safety system management and delayed reporting the leakages to the authorities, the privacy watchdog said. (Image courtesy of Yonhap)
SEOUL, Oct. 26 (Korea Bizwire) — PayPal Holdings, Inc., the multinational operator of an online payment system, was ordered to pay over 900 million won (US$663,863) in fines Thursday for a personal data breach involving some 23,000 customers.
The Personal Information Protection Commission decided to impose combined fines of 922 million won on the Singapore-based company for negligent personal information protection, which resulted in the leakage of customer information, such as names, addresses and photos.
Such information belonging to nearly 22,000 customers was first leaked through a hacking attack on the payment system in December 2021, followed by another leakage of more than 1,000 customers’ private information via a phishing scam involving the email of an employee.
Early this year, the service again came under a “credential stuffing” attack, which gains access to user accounts by automatically injecting stolen usernames and passwords into website login forms, leading to the leakage of more than 300 customers’ personal information.
Despite the three rounds of leakage, PayPal was found to have been negligent in safety system management and delayed reporting the leakages to the authorities, the privacy watchdog said.
(Yonhap)
