
Lol, "this is bad"? This is normal. I can give you an entire list of F500 companies I've worked at that have the same mindset. I've sat in meetings with F100 CIOs where they were given the same warning and shrugged it off. I've been asked before to turn off security monitoring systems because executives prefer to not know about vulnerabilities rather than know about them and not be able to fix them.

The only thing shocking and horrifying about this whole thing is how naive the American public must be to find any of this shocking and horrifying.



>I've been asked before to turn off security monitoring systems because executives prefer to not know about vulnerabilities rather than know about them and not be able to fix them.

It's a simple cost-benefit analysis.

Implementing effective security is difficult, time-consuming, and expensive. Ignoring problems costs nothing. Unless it's clear the cost of a breach is higher than the cost of security, corporations will risk a breach every single time.

The ultimate loser here is users, who bear the burden of having their data appropriated and misused. Unless the government steps in and imposes penalties on corporations on behalf of users, they'll continue merrily offloading the risks of poor data security on the general population.


>Ignoring problems costs nothing.

It's not even as simple as this. Sometimes, ignoring problems can actually be cheaper. Public perception, as well as government fines, will often treat companies nicer if they were ignorant to the full breadth of security issues than if they knew about them but did nothing.

It's a failing of our system to be sure. I've been asked to stop doing a security assessment halfway through, because once the client realized that the assessment wasn't going to just be "everything is 100% A-OK!", they didn't want it to be on record. If they were breached, they didn't want any paper trail of the executives knowing about the security vulnerabilities that could increase their liability in court. They preferred to be able to claim ignorance.


>"This is normal."

So that means it's not bad?


People love to pretend to be horrified by things they've assumed to be true. "What? A politician is corrupt? Outrage!!" "What? They're tracking me to build profiles on my use of all their advertising driven free services? Outrage!!" I'm sure there's a word for it in German.


Have you ever considered the possibility that many people actually are shocked?

Why do “people love to pretend” that genuine outrage and the sincere desire to stop immoral practices don’t exist?

Many people sincerely care about what’s right, even if they fall prey to human flaws and cognitive biases from time to time.

Perhaps those who talk about how “everyone” just “loves to act like” x and “virtue signal” y are merely projecting their own values on to the rest of us?


That's even more sad. It would mean that even though they care deeply about outcomes, they either willfully ignore the things that result in those outcomes, or have amnesia, or are just incapable of doing anything about it.

Take Congress for example. Approval ratings are what, 20%? They're generally seen to be corrupt, and they don't get anything done, right? So why aren't they voted out of office? Why are people surprised when they end up having low morals or corrupt? If people honestly cared, wouldn't they immediately demand change? But the status quo remains.

So either the people have no power to change things, or they collectively forget these things every day, or the real reason: they don't really care that much, but like to seem like they do.


> Take Congress for example. Approval ratings are what, 20%? They're generally seen to be corrupt, and they don't get anything done, right? So why aren't they voted out of office?

Because the average approval rating of individual members of Congress in their own district (for the House) or state (for the Senate) is much higher. For most people, it's (some large subset of) the 532 members of the Congress that they don't get to vote for that are the problem.


Things aren’t so black and white.

For your Congress problem it’s actually none of the reasons you listed. The cause of the discrepancy is the 20% approval rating is for Congress as a whole, but people don’t vote for Congress as a whole, they vote for individual representatives.

People do like their own representatives, and those approval ratings are often very good in their own district. It’s the rest of Congress they don’t like.


The applicable German-language meme would be this (from a French movie btw!) https://youtu.be/w4aLThuU008

"Shocking" fact is revealed. "No!" "Yes!" "Whoa!"

It's a sarcastic way to say "what else is new?".


zückerfreude


"Better to ask forgiveness after than ask permission before."


You've clearly never tried helping yourself to someone else's chips at pub closing-time in Glasgow.


Please do share that list.


http://fortune.com/fortune500/list/

There's your list. Seriously.

I obviously can't share with you the list of specific clients I work for, but this attitude is pervasive enough that you should assume that any and all major corporations have this same mindset. All of them.


Yeah, anyone who has spent much time in Real Companies will know that this is completely predictable and that it occurs virtually everywhere. Don't give them the data if you don't expect them to harvest it.

This is true for basically everything, even stuff that is typically acknowledged as sensitive. I've consulted for big financial groups whose customer service reps had completely unfettered access to SSNs, birthdays, and everything else they had on millions of customers. I would not have been surprised in the least to learn that some programmers in the company, either acting on their own behalf or acting at the request of a superior, were taking samples of this data for "unofficial" use.

Maybe the takeaway is that the SV brogrammer is not quite as special as he/she thought, and not exempt from the temptations that afflict the rest of us.



