Adult Friend Finder
Anthem Blue Cross Blue Shield
Heartland Payment Systems
My Fitness Pal
Honestly, this is a very incomplete list. How does one quantify a breach? Is it the number of records stolen out of a database? Is it the number of computers hacked? The number of credit cards stolen, used, and replaced without telling anyone? Is it the number of pages of technical data stolen on the F-35? How do you measure these things?
Laws have to be changed to hold entities accountable for their security failures. Clearly (well, clearly if you're deeply involved in cyber security), cyber security at companies is a risk management job, not actually a security job. Currently cyber security is about "Will we stay in business if X happens?", and that is a pretty easy bar to hit. Companies are not liable for stolen credit cards or for your private information being stolen; when they are liable, the government only issues token punishment or uses a small company as an example. They purchase ID protection software, offer it to anyone who was breached (which you have to know to go get), and they are off the hook.
Want some examples?
A SMALL Massachusetts hospital paid $750k to the government to "settle" a data breach.
800,000 people affected, the fine LESS than $1 EACH. The law allows a fine of up to $15,000 per record PER person. This fine could have been in the BILLIONS.
Anthem Blue Cross Blue Shield paid $16 million to the government for their data breach, which was one of the largest ever in the medical field. 80 million people affected. The fine: $0.20, that is 20 cents each. The law allowed for a fine of well OVER $1.2 TRILLION!
If companies are only slapped with NOTHING or small fines, they will continue with weak security.
In Anthem's case they made $116 BILLION and had to pay a $16 million fine, not even 1% of sales, only 0.2% of NET profit.
Read more at Woods LLP