And this is why egregiously stupid handling of immutable PHI/PPI/PCI should have genuine penalties.
140 million people had their entire credit reports/history and all associated information released to the world because Equifax thought having it all accessible, publicly, without changing the goddamn default password was a good idea.
The penalty? Profits.
They immediately bought a credit monitoring agency, then gave everyone 24 months of monitoring, for a lifelong problem. After that 24 months, a large number of people started paying for the service, because it's a lifelong fucking problem.
Equifax is still in business today, still hoovering up all of that data, with zero recourse by the consumer, and when they fucked it up, they made money.
We don't have to worry about bad actors. We have companies doing it for them, happily.