by Inlinked 3682 days ago
This is an interesting response, because it reveals a few things:

- LinkedIn was not aware of the size of the 2012 breach.

- LinkedIn did not use the preventive measures one would usually take after a significant breach (they only now issued a password reset for accounts older than 2012).

It seems like they also botched the 2012 post-hack evaluation.

I wonder if their security engineer(s) could be held personally liable. Someone has advertised him/herself as a security engineer, while completely botching the password scheme (unsalted SHA-1), and leaving massive holes in the post-evaluation of the breach.

1 comment

For anyone to be liable, there'd have to be a criminal or civil suit against LinkedIn, neither of which has happened or seems likely to happen. Maybe a class action lawsuit, but I don't think there's a precedent for an individual employee being held personally liable in a class action suit.

Also I really doubt there was a single employee you could place the blame on.