The problem here was people reusing passwords.
You really aren't going to stop people doing that.
But it could have been easily prevented by forcing multi factor authentication.
I think that should be the minimum required by any company holding personal information.
2fa is a pain in the ass - especially for opsec if they require a mobile number or similar.
the onus is fully on the account holder to set and remember a password (a la private keys - you do use monero right?)
though having your genetic code hacked is pretty 2023 vibes
Nothing will happen.
The state only moves when there is a threat to its power or opportunity for expansion of power.
The compromised con-men in con-gress do not give a damn about your "digital rights"
PS. we have enough "laws"
Rules (WIP)