At the moment, any company can get hacked at any time. So it is moot whether moral or legal responsibility to protect data ultimately lies with a business. Once your data has been stolen, there's little recourse - it's going to be very inconvenient for you.
The data is currently available to anyone. At this stage it is still too soon to fully grasp the extent of the problem, but it is likely that over the next few days we will begin to see a rise in the number of websites, blogs, and even social media accounts aimed at divulging the names.
This behaviour, now illegal in the UK and across 23 states in the US, has spawned an entire industry. Revenge porn websites generate upwards of $50,000 in advertising revenue each month, with some even charging victims a fee to remove photos.
As the lines between the professional and social use of technology continue to blur, it is vital that we start to really recognise the significance of these attacks, how likely they are and how damaging they can be.
It's great that tech companies are at least talking about privacy, but they shouldn't be seen as the sole, compliant arbiter of anonymity online. Consumers use countless online services and gadgets - we should be demanding that anonymity and privacy should be baked in at the core.