The Maine Office of the Attorney General reported that PayPal, Inc. experienced a credential stuffing incident affecting 34,942 individuals, including 146 Maine residents. The breach occurred between December 6, 2022, and December 8, 2022, with the incident being confirmed on December 20, 2022. Personal information potentially exposed included names, addresses, Social Security numbers, individual tax identification numbers, and dates of birth, although there is no evidence suggesting misuse of the information.
TPRM report: https://scoringcyber.rankiteo.com/company/paypal
"id": "pay511071325",
"linkid": "paypal",
"type": "Breach",
"date": "12/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 34942,
'industry': 'Financial Services',
'name': 'PayPal, Inc.',
'type': 'Company'}],
'attack_vector': 'Credential Stuffing',
'data_breach': {'number_of_records_exposed': 34942,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'addresses',
'Social Security numbers',
'individual tax identification '
'numbers',
'dates of birth']},
'date_detected': '2022-12-20',
'description': 'Credential stuffing incident affecting 34,942 individuals, '
'including 146 Maine residents.',
'impact': {'data_compromised': ['names',
'addresses',
'Social Security numbers',
'individual tax identification numbers',
'dates of birth']},
'references': [{'date_accessed': '2022-12-20',
'source': 'Maine Office of the Attorney General'}],
'title': 'PayPal Credential Stuffing Incident',
'type': 'Credential Stuffing'}