ryandrake 5 days ago
I would at least love to see a public postmortem. What was the developer's rationale for storing extremely personal user data unencrypted, in a publicly facing database? How many layers of management approved storing extremely personal user data unencrypted, in a publicly facing database? What amount of testing was done that failed to figure out that extremely personal user data was stored unencrypted, in a publicly facing database?
ohdeargodno 5 days ago
>What was the developer's rationale for storing extremely personal user data unencrypted, in a publicly facing database?

https://www.teaforwomen.com/about

>With a proven background leading product development teams at top Bay Area tech companies like Salesforce and Shutterfly, Sean [Cook, creator of Tea] leveraged his expertise building innovative technology to create a game-changing platform that prioritizes women’s safety

If you're lucky, a clown vibe coded this trash. If you're unlucky, he paid someone to do so, and despite his proven background about leading top Bay Area companies, didn't even think to check a single time. The CEO is directly responsible for this.
ytpete 5 days ago
Requiring a 3rd-party auditor perform a postmortem whose results are posted publicly might be an interesting regulatory approach to this. Companies get shamed for their mistakes, and also the rest of the industry learns more about which practices are safe and which are dangerous. A bit like NTSB investigation reports, for example.