I’m not quite following you… someone at the hacked organization did not invalidate Matthew Keys’ passwords (as is required by law, if you’re subject to any IT regulation at all) and you’re saying the damage isn’t assignable to the people who actually did it, nor to the people who actually permitted it, but instead to the least culpable person? It’s somehow reasonable to punish the least guilty party the most?
When you break up with your girlfriend, and she throws your keys in the canal, is she more guilty than the robbers when somebody fishes them out and robs you? And shouldn’t you take at least some small amount of the blame yourself for not changing the locks, when you’ve always told everyone that you are on top of your home security?
I get what you’re saying about the difference between this and getting away with killing people because you’re rich, though.
