https://logicmag.io/commons/inside-the-whale-an-interview-with-an-anonymous-amazonian/
A cybercriminal can also get paid by a competitor to expose data, or to change the configuration so the data is exposed publicly to make that company look bad. The Capital One breach in 2019 involved a former Amazon employee, actually. Capital One suffered a huge embarrassment in the press. But unfortunately, as with the Experian data breach in 2015, the Capital One incident showed that the markets are very forgiving of data breaches, because the people who are most victimized by them are poor people who have no idea how to control their data anyway, and didn't even know what it means to have their data breached.
Companies don't like to have their whole ass be shown that way. It's a lot of egg to get on your face. But in the end, the market is learning that massive data exposures are not that bad of a problem unless Congress comes calling.