Or: this is why you strictly regulate the storage of confidential/private/sensitive information.

There were multiple failures here, but a single step could've prevented the entire hack: industry-standard encryption of the sensitive information.