Breaking news of a massive customer breach dominates headlines for days. However, months and even years later, affected customers still struggle with the aftermath and firms are still absorbing the costs. By reflecting on these breaches, we can glean long-term lessons that help security and risk (S&R) pros improve their firm's overall security posture, its breach response, and its appreciation of privacy law and customer trust. To do this, each year we select and analyze five notable incidents from the past 12 months to provide these critical lessons.