liability? (Score 2, Insightful)

I'm not a hacker, an IT guy or a lawyer of any sort, but after RTFA, I have a question: Why isn't there some provision under which concerned invididuals can go after lax companies regarding their security? I mean, yes they were 'hacked', but aparenly only becase their IT people were not to be bothered by securing the companies' data. It seems silly to spend time and money going after the hacker, and then letting all the guys who actually compromised the data off the hook.