I don't know if 23andMe has done so well, but many of their problems stem from a bad business model, as opposed to that awful breach.

I agree that we need to have "toothier" breach consequences.

The problem is that there's so much money sloshing around, that we have regulatory capture.