I would honestly guess about 0.1% of bad leaks (e.g. not just email and user name or whatever) are disclosed in the end.
It has to be really hard for the police or card providers to correlate frauds with customer databases.
And like, how do you even notice you are hacked? Unless the hacker sends you extortion messages, which I guess is the main reason for disclosure. Otherwise the hacker can tip off the an attorney and 'pwn' corporate lawyers for real. A risk the lawyers won't take even if the company wanted to.
I sometimes feel lawyers are the only group of workers with real agency ...
It has to be really hard for the police or card providers to correlate frauds with customer databases.
And like, how do you even notice you are hacked? Unless the hacker sends you extortion messages, which I guess is the main reason for disclosure. Otherwise the hacker can tip off the an attorney and 'pwn' corporate lawyers for real. A risk the lawyers won't take even if the company wanted to.
I sometimes feel lawyers are the only group of workers with real agency ...