Yahoo is now being sued by data breach victims (https://www.reuters.com/article/us-verizon-yahoo-breach/yahoo-must-face-litigation-by-data-breach-victims-u-s-judge-idUSKCN1BB25Q). This shifts a turn in policy where agencies have been largely complacent in allow companies to "learn" from their data breach blunders without severe repercussions and nothing more than a slap on the wrist.
Can we expect to see more of this occurring? As virtually everyone has been affected by a data breach, will companies now need to spend the extra resources to securely protect their databases?