Naming absolutely no names, have you ever run into resistance in implementing what you know to be vital security features?
Yes. All the time, always and forever (30 years being forever). Because implementing anything costs money and there is no "Skin in the Game" for the people in charge of that money.
Until there is a system that holds a business and not the "Computer People" accountable for these white-collar crimes, you will continue to hear about these issues and never hear about how they won't happen again.
Also, you won't stop it from being an actual Business Model:
There was a company that collected and sold the personal information of all its customers.
To include the banking or billing information. Their justification was that the EULA mentioned that any data collected on the web site belonged to the company.
There was another that did not pay their offshore dev team. They did not have to because all they wanted was access to 4 million users' records that included billing information.
IMHO - We gave up information security for cheap outsourcing long ago. Until there is a way to make the decision makers accountable for the issues caused by their poor choices, this will happen. As long as it looks fiscally responsible to be Security deficient, we won't have any Information Security. If you think we have any of that now, then you must not work in the same universe I do.