When it came to the Doctor Who leakage, apparently this was because the material was uploaded to the receiving party dealing with whatever it was via anonymous FTP.
Now, in post-production circles, this is not uncommon. Indeed, we operated an anonymous FTP server ourselves (we’re talking around 6-7 years ago now). But you’d only ever were be able to upload to specific paths and you’d never get to see the contents of those paths that we agreed upon in advance with the client - only those staff operating internal to the company network could access that once the upload was complete. There were the usual lockouts and never had problems with people trying to dump illicit stuff there. Nevertheless, I was pushing for fully encrypted FTPS or SFTP, but was told that clients (mainly advertising agencies) preferred the anonymous method rather than having to deal with usernames, passwords or pubkey authentication.
bangs head against brick wall
What film studios, post-production companies, and anybody else working in media where content is valued needs is an infosec manager. Somebody to oversee, implement and enforce policies which prevent anybody from ever deliberately or accidentally releasing material (whether it be through the internet or via physical media), but should it happen, you’d have audit logs or something to show how that material went astray.
But it is up to the film companies/post-prod studios to do this - and not put the blame squarely on the consumer who is going to be penalised because non-technical management are huffing and puffing at their own mistakes.