There is a culture of half-arsedness with some businesses where they don't respect user's security and privacy requirements. This is partially down to plain old incompetance but in my experience it's usually down to the fact that if doing something properly and testing it properly doesn't add business value, then it's not done. At the risk of pissing people off here; that culture is prevalent amongst startups.
They screwed up, they're getting sued. They should have tested it properly.
If this was a public organisation that left everyone's files in an open skip overnight they'd get sued too.
There is a culture of half-arsedness with some businesses where they don't respect user's security and privacy requirements. This is partially down to plain old incompetance but in my experience it's usually down to the fact that if doing something properly and testing it properly doesn't add business value, then it's not done. At the risk of pissing people off here; that culture is prevalent amongst startups.
They screwed up, they're getting sued. They should have tested it properly.
If this was a public organisation that left everyone's files in an open skip overnight they'd get sued too.