Why aren't companies held accountable for data breaches?

Last year there were 3,158 data breaches, up 70% from 2021, which resulted in an all-time high of nearly 1.7 billion notices going out to potentially affected individuals, according to a report released Jan. 28 by the Identity Theft Resource Center (ITRC).

Each data breach makes additional ones more likely because the personal information hackers steal can be used to get into other companies' systems. That's one likely reason for the spike in data breaches.

But watchdogs point out another reason: there are relatively easy things companies can do to protect information, and many companies aren't doing them. These steps include using multifactor authentication, a security method that requires users to provide more than one form of authentication to access an account.

Companies should also mandate that employees change their passwords frequently, and ensure that vendors and other companies they work with have appropriate measures in place.