Less common with things that are directly "customer passwords", but common with other credentials and customer data. Those laws require reporting about breaches and I know I get notifications about breached data somewhat often.
Keep in mind, a good first step to improving security is to hire a pentester. So pentesters have a unique view into companies that are trying to improve. Often the starting place is quite poor. When I leave those contracts, to my knowledge, they are all on track to fix these sorts of defects.
Keep in mind, a good first step to improving security is to hire a pentester. So pentesters have a unique view into companies that are trying to improve. Often the starting place is quite poor. When I leave those contracts, to my knowledge, they are all on track to fix these sorts of defects.