PayPal ordered to pay $2M in settlement from 2022 breach
Briefly

The New York State Department of Financial Services has settled with PayPal for $2 million following a cybersecurity breach, which may have compromised sensitive personal data due to regulatory non-compliance. The breach was linked to a data collection mishap involving Form 1099-K, attributed to poorly trained engineers. Experts like Dr. Ilia Kolochenko emphasize that cybersecurity success requires not only implementing technical solutions but also ongoing training and compliance efforts, particularly in light of evolving threats such as generative AI and potential federal regulation in the future.
This penalty is a clear reminder that cybersecurity is insufficient even if you implement all technical controls but fail to properly organize ongoing, organization-wide training.
The NY DFS Cybersecurity Regulation (23 NYCRR Part 500) is probably one of the most detailed U.S. state-level regulations related to cybersecurity and data protection.
Read at Securitymagazine