It’s the ease of putting data online and the difficulty in securing it. Imagine securing a house with 100 doors and windows. Oh, and you want people who are authorized to be able to get in, but only into certain rooms and not others.
Target, the most famous case was hacked because the HVAC company they used had access to their HVAC system. The HVAC company was hacked, and then the hackers got into the Target HVAC system, found their way into the third party POS system which wasn’t secure, but that’s okay, it’s an internal only system, and from there stole almost a hundred thousand credit cards with credit card security codes, customer addresses and your purchase history.
If you have 10,000 customer service agents, each with full access into the billing system, all it takes is for one of them to leak their password. Our company instituted 2FA internally and that was a big mess. It was hard for many of our representatives to understand how it works.
Security is hard.