[rapind]

> Banks are the hardest way to get this data, not the easiest one.

Is this statement based on data or a hunch? A quick google turns up a lot of bank data breaches.

[reaperducer]

A quick google turns up a lot of bank data breaches.

Because banks have to report data breaches. Do you think every neighborhood Gas-N-Blow is publicizing, or even knows, that it's been hacked?

[rapind]

Good point. I’m still wary of just assuming (if that’s what we’re doing here?) that old established organizations you’d expect to be secure are in fact secure. For example I would have expected credit rating agencies to be secure…

Mandatory reporting certainly helps IMO. Reporting should be mandatory for anyone handling PII.