The Timehop breach, and this TechCrunch article about in particular, have a lot to teach about security as well as the media optics surrounding security. Timehop is overhauling their security in response to the breach and this has inevitably exposed them to public questions about what they were doing with their security before - it is more than awkward to have TechCrunch stating "questions should be asked why it took an incident response to trigger a “more pervasive” security overhaul." Pervasive encryption is really an urgent "must" at this point and this is exactly why Capnion is working to minimize its burden on the rest of your business.
The breach itself was another example of lax security, as it attacked a cloud computing account without two-factor authentication. Most cloud infrastructure services, including AWS and Digital Ocean for example, offer this service free and encourage you to use it aggressively. You need only download an (also free) app like DuoMobile to get started. Not only is this kind of security a must, but the spectacular revelation you don't have it is an invitation for consumers to question your competence.