
The security theater cycle at this stage is:

1. Develop features at any cost, over-collect data, neglect security

2. Hacker gets in, picks up the entirety of the data made readily available (credit card numbers, social security numbers, prod credentials, sexual orientation predictions that the company made on their customers for some reason, all of the pay history of the company, Instagram creds of the CEO's girlfriend), and takes a dump in their bathroom

3. Try to shush the story

4. It gets exposed by an independent journalist in Kazakhstan who just reads /r/leaks

5. "We recently discovered that a malicious individual got access to a few logs on a random test server. Oops! So far we haven't found proof that it was used. Rest assured that security is our utmost priority. We love security here at ACME Corp. Our teams have matching 'security' shirts, and every Thursday we pray to Glombo, the security god. As a gesture to our customers we offer everyone a free 2-week trial of our 'security+' package ($15.99/month after trial, don't forget to cancel). Once again, sleep well knowing your data is safe with us!"

6. Six months later the security gap is half plugged by an intern developing a novel password management system that encrypts passwords in base64

7. Go to 1, because no one cares

I hate to critique such a fine piece of work as your comment, yet I must add a 5a) as an option taken by especially high-quality for-profit corps: blaming their customers for the leak (e.g. 23andMe).

You have the right to critique, especially if it's to point out such a glaring miss on my part.

OF COURSE IT'S THE CUSTOMER'S FAULT!