It's kinda funny that there have been round after round of hacks on various sites, mainly targetting companies with large collections of personal data, and apparently none of them are being proactive and reviewing their own security policies. After sony's big screw up, you'd figure that even they would internalize the shame and review ALL external facing sites which have or contain personal data, but I guess why bother, sometimes its easier/cheaper to ask forgiveness then be proactive I guess.