Core Viewpoint
- PayPal will pay a $2 million penalty to New York state due to cybersecurity failures that led to a data breach, highlighting the importance of qualified personnel and adequate training in cybersecurity practices [1][2][3].

Group 1: Cybersecurity Allegations
- New York state alleged that PayPal violated its Cybersecurity Regulation by not employing qualified personnel for cybersecurity management and failing to provide sufficient training on cybersecurity risks [1][2].
- The breach allowed cybercriminals to access sensitive information, including Social Security numbers, through compromised credentials [2].

Group 2: Regulatory Response
- The New York Department of Financial Services (DFS) emphasized that qualified cybersecurity personnel are essential for preventing data breaches and that proper training and policy implementation are critical for protecting sensitive data [3].
- PayPal stated that it takes regulatory responsibilities seriously and has since remediated the issues and improved its cybersecurity practices following the incident that occurred in December 2022 [4][5].

Group 3: Context of Cybersecurity Regulation
- New York's Cybersecurity Regulation, effective since March 2017, was the first of its kind in the U.S., requiring financial firms to protect customer data and report cyber events to state regulators [5].
- Prior to this regulation, large organizations often did not report data breaches due to vague state regulations [6].
- Recent penalties were also imposed on other companies like Geico and Travelers for failing to comply with the Cybersecurity Regulation, indicating a trend of increased scrutiny in the industry [6][7].

PayPal to Settle New York's Allegations of Cybersecurity Failures