"Cybercriminals were able to breach defendant's systems because defendant failed to adequately train its employees on cybersecurity, failed to adequately monitor its agents, contractors, vendors, and ...