If the criminals (hackers) had physically (instead of virtually) broken into Sony, physically stolen customer information would Sony be responsible in that case also? At what point is it just a crime against both Sony and it's customers?
I can see people writing that the security should have been better, well the same can be true in a physical crime also. Just seems odd to me, and how do we define when a company/person is liable in this kind of situation where they are also the victim?