That’s true, I agree with this sentiment. But I’m a bit confused when trying to apply the same logic to credit bureaus and other companies which get hacked and expose our personal information without facing any real consequences. In those situations I feel that those companies should be held liable for the breaches.
Is there a source for this data?