With GDPR just around the corner, companies need to stop ignoring breach warnings, downplaying incidents and ultimately take responsibility.  The lack of preparedness and accountability from this firm (and others we see first hand) is quite discouraging.