Sony will most likely get a slap on the wrist for this, just like they did when their "DRM" rootkit exploit was put on blast in the media. When it comes down to being hacked at this level of sophistication, it really depends on a few factors whether sony will be liable or not.
If they were really running outdated server OSes and this exploit was patched in a newer version then they could be found liable for not patching exploits in the system. But if this is a brand new exploit then its really not sonys fault. Just like its not microsofts fault you get your credit card info stolen by a new keylogger virus on windows. Operating systems are literally tens of thousands of lines of code. Finding the bugs arent always easy if they havent been exploited yet.
When it comes down to a lack of encryption on your emails psn names and passwords. That is what everyone does. This information is stored in plain text on a server just like any other company with customer support and user name services. It takes alot of cpu power to constantly encrypt and decrypt this kind of information for 77 million people all day everyday. Especially when your psn accounts are linked to their website.
Now the second hack is probably going to hurt them for keeping that kind of information on file for so long in old servers. Thats just retarded. But knowing sony they will just offer congress 2 free psn games and a month of psplus to get themselves off the hook.