Who Is Guilty In A Hack? The Perpetrator Or The Victim?

This article is interesting not because the hacker is convicted, but because of the reader comments at the end. The first post defends the hacker and blames AT&T for their system not being secure enough and allowing a breach. The next poster says that is akin to blaming a bank if they are robbed because their doors are not secure enough. Another poster points out that both are to blame.

In our judicial system of criminal and civil liability I believe the third poster is most right. The hacker is guilty of a crime while AT&T will bear the civil liabilities. Here is the story: