Time for civil liability for these breaches. At this point the risk of storing plaintext passwords is known enough that it should qualify as negligence.