According to the latest UK Government Security Breaches Survey (2008) (http://www.pwc.co.uk/eng/publications/berr_information_security_breaches_survey_2008.html), companies still have a way to go in taking information security seriously. For instance, 52% do not undertake formal security risk assessments; 48% of disaster recovery plans are not regularly tested and 21% of companies spend less that 1% of their IT budget on information security.

I agree that the users should be careful in their selection of usernames and passwords, but we should be able to expect better than this from digital media company.