Back in 2011 I wrote about the Sony break in and subsequent disclosure of 100 million log on credentials. At the time I remarked that it would be years before the final cost of the exploit would be known. Now we know that the answer—at least for monetary costs—is $172,000,000. It's almost enough to make you feel sorry for Sony until you remember the details.
One would think that this object lesson would get other high profile sites to clean up their act but of course it hasn't. We still have sites storing passwords in plain text, not keeping their systems patched, misusing SSL and all manners of other transgressions. The article at the link says that the average attack costs a company $5,500,000. You'd think that would be enough to get their attention but apparently not. At least it provides a never ending source of blog posts.