These companies get sued, that is a reaction.
Congress? Well if you make a law twice as illegal, I'm sure that will make it stop /s.
No one wants to be hacked, let's not pretend there is no fallout from ignoring security.
No mate, making it doubly illegal (such as actually fining and imprisoning the negligence in leadership that chooses forgiveness over permission) would undoubtedly help. There are plenty of ways to keep our data secure and they didn't do enough.
Be this on S3 or on your private assets, without proper controls for internal threats these things have a likelihood to happen.
Keeping all your eggs in one basket (the cloud) is never a good idea. If you have to do it try and give yourself as much control over sensitive data via encryption of no longer to be accessed data.
It's great if companies had unlimited resources to spend on security, and didn't screw their customers with fees.
Let me remind you, even Apple had their phone hacked. More laws won't make mistakes go away.