Exactly. The only solutions is to make keeping people’s data a liability rather than an asset. That if there is any sort of beach there are criminal investigations and make the company liable for any and all losses stemming from that breach. Plus if their security was found negligent, than every one of their customers gets cause of action to personally sue them.

The next company to have a breach like this will go bankrupt. And that will sufficiently frighten the others.