All your customers thinking your app isn't secure any more isn't "low pain".
The US government lost the completed forms that people who want a security clearance have to fill out and that list all their hidden skeletons (they must disclose them in the form so the govt can assess the likelihood of them being successfully leveraged by an enemy) and nothing changed[0]:
> In 2018, the OPM was reportedly still vulnerable to data thefts, with 29 of the Government Accountability Office's 80 recommendations remaining unaddressed. In particular, the OPM was reportedly still using passwords that had been stolen in the breach. It also had not discontinued the practice of sharing administrative accounts between users, despite that practice having been recommended against as early as 2003.
Not to mention the breaches happening at regular intervals. I’m concerned about them and even I can’t remember them.
People don’t care. It happened too many times. It’s too abstract for a lot of people just like “Facebook and Gmail can read my messages, nothing to hide”. There is little to no penalty for not being secure enough/getting breached.
[0]: https://en.m.wikipedia.org/wiki/Office_of_Personnel_Manageme...
The impact of such incidents on company reputation and revenue is often exaggerated.
A lot more people care if they're informed their credit card was stolen and told to carefully watch statements for the next month - that leverages a real PITA cost on the customer.
When you're a government-controlled corporation in an openly fascist state, you couldn't care less what your customers think.
The first comment didn't say they should have spent more time on security; it said they should have spent time creating a system to detect if too many taxis were in one spot.
I think we can all agree that security is valuable and should be prioritized, but spending time worrying about how to stop who is already in your system from sending all the cabs to the wrong place seems like a waste of time.
Hell, IF (big if) the worst thing a hacker could do once they had access to YandexTaxi's servers is send a bunch of cabs to the wrong place, you could almost spin that in a positive light. "We spent so much time protecting customer data that all they could do is send our drivers to the wrong place".