The $2M Hack PayPal Never Saw Coming

PayPal is facing a hefty $2 million fine after a December 2022 credential stuffing attack led to a significant data breach that exposed the Social Security numbers of nearly 35,000 customers.

New York state regulators determined that PayPal violated cybersecurity regulations, highlighting the necessity for companies to employ well-trained personnel to combat such risks.


Key highlights include:

• The breach was traced back to improperly managed changes made to PayPal’s system in response to the American Rescue Plan Act in 2022.
• The company is now mandated to enforce multifactor authentication for all U.S. accounts.
• Affected customers received two years of complimentary services from Equifax, including credit monitoring and fraud alerts.

While PayPal has made strides in enhancing its cybersecurity measures, the incident underscores the continuing battle against cyber threats and the urgent need for robust security practices.

Iowa State University (ISU) has hit the jackpot with a significant National Science Foundation (NSF) grant aimed at bolstering the cybersecurity workforce! As one of just four institutions across the country to share in the $15 million funding, ISU is set to transform the cybersecurity landscape.


• Funding Success: ISU secured $3.7 million to provide scholarships over five years.
• Scholarship Details: 24 master’s students will receive yearly scholarships of $50,000, covering tuition and a stipend.
• Program Launch: The initiative, named “CyberCorps Scholarship for Service,” kicks off this fall.
• Focus on Innovation: Students will engage with cutting-edge technologies, enhancing national and economic security.
• Building a Pipeline: The program will connect with ISU's undergraduate cybersecurity program, which sees around 180 enrollments annually.

This scholarship initiative is not just about financial support; it aims to equip the next generation of cybersecurity leaders to tackle emerging threats head-on!

In the face of evolving cybersecurity threats and legislation, the role of CISOs is more crucial than ever. The article emphasizes the need for a supercharged security culture, highlighting:

• The demand for AppSec professionals is predicted to exceed 3.5 million by 2025.
• Key guidelines from CISA, NIST, PCI, and NIS2 are reshaping compliance expectations.
• A unified security-first mentality across teams is essential for effective vulnerability mitigation.

As organizations grapple with complex regulations, a proactive security culture can simplify compliance. Investing in upskilling developers enhances security outcomes and fosters trust among stakeholders.

The article argues that measuring program effectiveness through metrics like pre-production vulnerabilities and mean time to remediate is vital. Ultimately, fostering a robust security culture empowers developers while ensuring organizations stay ahead of legislation and emerging threats.

As modern cars embrace advanced technology and connectivity, they become increasingly susceptible to cyber threats. A recent vulnerability in Subaru's Starlink system highlights just how exposed these vehicles can be and the alarming risks drivers face. Key points from the article include:

• Hackers could remotely control vehicle functions using minimal information, like a license plate.
• Sensitive personal data, including location history and emergency contacts, could be accessed.
• Similar vulnerabilities have affected other automakers, like Kia.

The article emphasizes that while automakers need to enhance their cybersecurity strategies, consumers can take steps to protect themselves. These include applying firmware updates, using strong passwords, and limiting data sharing.

As cars become smarter, so too must our awareness and defenses against potential cyberattacks. With vigilance and proactive measures, both manufacturers and consumers can work together to safeguard our journeys on the road.