I would say the risk of identity theft for over 150 million people justifies some preventative measures. And yes, there also were hundreds of lawsuits.

https://en.wikipedia.org/wiki/2017_Equifax_data_breach

Or how about four suicides and 900+ wrongful convictions?

https://en.wikipedia.org/wiki/British_Post_Office_scandal

Not to mention the various dating app leaks that led to extortion, suicides and leaking of medical information like HIV status. And not to forget the famous Therac-25 that killed people as direct result of a race condition.

Where's the threshold for you?

I mean this is Tech industry, everyone here gather data big tech or not,

I'm not saying I'm pro identity theft or data breach or something, but the industry culture is vastly different

people here are pro on move fast break things some of idea, I think you just cant tbh

Everyone in business is move fast and break things and let people die if it's cheaper until regulations force them not to be. Software is just new enough that mostly doesn't exist yet.

Systematically violating people's privacy while not caring about protecting their data is not culture, it's called a problem.

Perhaps they could move even faster and scale better by collecting and storing less data. Moving forward fast instead of moving frantically while looking for things to break seems more reasonable to me. But then again I'm not the kind of person to become a billionaire tech CEO who's unironically bragging about being called the Eye of Sauron, so what do I know.

Conversely, it's the scale, not magnitude. A single physical infrastructure failure can usually only harm a very limited number of people. A digital infrastructure breach can trivially harm millions.

Observing that each individual harm may not be worth the effort of suing over is evidence that the justice system is not effective at addressing harm in the aggregate, not evidence of lack of major harm.