Maybe it’s a naive question, but in many breach reports I see things like 'No passwords, private keys, or funds were exposed.' How come companies can usually protect that kind of data, but not emails, names, and other personal info?
A properly implemented login system will never store a password in the first place. Properly hashed passwords can still be cracked in some cases, but if your password is strong and the hash is good, it’s safe.