Why is that a good start? They are ex employees. Perhaps they are no longer there because they quit due to bad leadership, bad security, bad company ethics, or maybe they were fired for continually reporting their security flaws?
I get that some people like meting out punishment, but it seems like a good idea to limit it to the people responsible.
Your and other comments are good responses. My comment was mean-spirited and (worse) wouldn't solve the problem.
A lot of the problems we are seeing can be traced back to the fact that the leadership who make decisions suffer little or nothing in the way of personal consequences. It seems past time for us to change the law so that this is no longer the case. That's about the only way things will change. It's dispiriting to see security breaches and misuse of personal data happening again and again.
I get that some people like meting out punishment, but it seems like a good idea to limit it to the people responsible.