
That's a nice soundbite but it doesn't work like that irl.

If in some dystopian future, the C-levels could be given 2 years for what could amount to a basic human error in an otherwise well-run organisation, no-one would do the job and a whole sector of the economy would probably go bust.

Having worked in a handful of companies, at least some of them try to do the job properly but are restricted by employee turnover, lack of consistent skills across the software sector, negligence at any level, incompetence - even if not malicious, tired engineers, ancient software systems that would be impossible to replace in any reasonable time, etc.



> what could amount to a basic human error

That's the point - if the C-level could go to prison then you'd find that mysteriously there were multiple overlapping systems of control implemented such that no one person could make a simple human error and expose reams of customer data: it would require systematic failure.

(At that point, when safety systems are in place but fail for complicated, hard-to-predict reasons, malicious negligence is hard to prove and executives don't go to jail.)


Simple solutions to all of these that ultimately land on the desk of leadership:

>> employee turnover, lack of consistent skills across the software sector, negligence at any level, incompetence - even if not malicious, tired engineers

Pay better, give raises that keep up with the market, and train your people. Basic stuff.

>> ancient software systems that would be impossible to replace in any reasonable time, etc.

Second best time to start is now. Ancient software systems with tons of legacy cruft and obsolete tech aren't going to get any better.

All this costs money, which is the real problem. If there's a market-wide failure, as there seems to be in credit reporting, then serious consequences for cheating out on this stuff to undercut your competitors at the cost of security seem fully justified.


Sure, but not adding the option for two-factor authentication for Experian is much worse than just a basic human error.


Companies that can’t be bothered to implement basic security primitives simply do not need to exist.


How about not being able to work at a publicly traded company for 2 years?



