From my reading of the article, the defendant is being painted to be bigger, scarier target so that AT&T looks like a victim instead of a corporation failing to secure the confidential information of their customers as due diligence demands. From the comments on this thread, the defendant did not have intentions that were completely (as in 100%) benign. In addition, the co-defendant pleading guilty will probably make it harder for his legal team to prove his innocence. However, why is AT&T getting away with what basically amounts to negligence? Specifically, AT&T failed to provide reasonable (industry-standard) security to their users' confidential information (email addresses and other personal data).

It says about 120,000 Apple iPad users were affected, so 120,000 counts of negligence. My "class-action lawsuit" senses are tingling.

Edit: minor reformatting and rewording.