What steps has MIT taken to to ensure that the something like this will never happen again?
And, in case there is any confusion, I am not referring to steps to protect data, but instead to keep a student from being persecuted by federal authorities with the full support of the university.
He was not an MIT student or affiliated with MIT in any capacity. MIT has no obligation to protect a physical and electronic trespasser.
Any given program will expand to fill available memory.