We need to make these companies suffer a lot more for these kinds of breaches. I say levy a penalty for every password compromise, double that penalty for every year that it is not reported, and put all that cash into research dedicated to network security. On top of that, let that money flow into the companies with effective security track records.
If these companies are comfortable with the courts, then the only way to make them change is to have the fear that the next time can wipe out even Apple's profit for the year. Make it so that if they "forget" to report this information they get heavy penalties.
In short, if these companies keep losing information that can be detrimental to our privacy and the security of our identity, the penalties have to be strong enough to be detrimental to their stability and their sustainability.
Let them fall, so others can build something better.