This article explains that a large number of organisations have security breaches in their network and they mostly go unreported. This makes sense as it would be bad publicity to acknowledge that their customer’s records are vulnerable to hackers. Still it’s important for everyone to be aware how often it really happens.
It’s also important to keep in mind how much information you provide to companies. Personal details like a drivers license number, date of birth, mother’s maiden name etc often aren’t necessary to do business with a supplier. All this information, including marketing information, is often stored for years by companies. Whether or not they have a privacy policy the information is there, and people like hackers don’t abide with privacy policies. So be aware of what information you divulge.
And it’s really up to every organisation to be accountable for their security. At the moment the laws in most countries aren’t strong enough to enforce this, so not much will change until matters get worse.