On January 23rd, The New York State Department of Financial Services agreed a $2 million settlement with PayPal regarding a data breach dating back to 2022. The incident potentially exposed the sensitive information of PayPal users, including names, birth dates, addresses, individual tax identification numbers, and Social Security numbers, and breached the state’s cybersecurity regulations. NYDFS held that they were in violation of 23 NCYRR Part 500, a cybersecurity regulation that requires financial services providers to use effective controls to prevent unauthorized access to consumers’ protected information.