For this type of compromise (and many others), the legal response varies (at least for now). Goverment organizations tend to investigate fully, gathering as much information as possible (it doesn't happen to them all that much). Educational networks tend to just wipe an d rebuild (it happens to them quite often due to the open nature of their networks). Corporations tend to be binary about the issue; some will investigate, others will "hide & forget that it happened".
Anyways, the article is a good read about an investigation into an all-too-common problem.