Good luck with that. Companies simply don't want to invest in security. It's simply cheaper to write a post-mortem and apology blog post after the fact.

The sad thing is that people are used by now that anything they enter on a website is sooner or later going to be leaked, if not sold as if often happens with email addresses.

Sue them out of existence then.