Here's my take on it.
Yes, it's Sony's fault for having piss poor security. It would be in their best interests to improve security.
On the flip side the hackers are being lame. It's one thing to hack the website(s) and get the info. You could then easily email/some other way communicate to Sony. "Hey you are vulnerable to SQL injection, please sanitize your inputes. I was able to get all of this information <see attachments>". Instead they run around like children saying "LOOK AT ME!!" for no reason but getting attention and measuring their e-peens.
If the hackers really wanted justice (as opposed to being thugs) they would work with coporations to improve security so that real bad people (thieves, rouge countries, terrorists, etc.) wouldn't be able to steal our personal information from coporations and use that information for financial gain or other bad activities.
It IS Sony's responsibility to have good security in an effort to protect their own bottom line. The hackers however are behaving like children and bringing NOTHING BUT BAD NEWS to the customers of the corporation and doing a tiny bit of damage to the corporation itself.
Thats a very good post, both sides have their responsibility. What im wandering is, legally speaking, in knowledge of their security problem, should Sony take all the servers that contain customer information offline until they get time to upgrade them. What do you think of that? Keeping in my mind the information is, name, address, date of birth, e-mail and the standard of the industry in term of online security. Im actually hesitant on that, I think they should but at the same time, we shouldnt ask more to a single company then to the other. Its not really their fault to have hundreads of hackers on their back either. So what do you think?