Recently, a Federal Judge ordered Marriott to reveal the forensics report for its data breach. I know the Courts have sided with businesses in the past to keep the forensic details of breaches from public disclosure (this may now be changing). And I have looked extensively to find information about the authentication systems that were in use by businesses at the time data breaches occurred and can find almost nothing. (I can understand the many authentication vendors would not want the negative exposure if their system were involved.)
Can anyone point me to a good summary or list that would describe or name the actual authentication systems involved in the major breaches of the past 5 years? Full disclosure: I intend to use the data to test a hypothesis that the "password problem" that leads to data breaches is not solely due to passwords but rather that there is a systemic problem with current authentication systems in general.