If you don't know it by now, LulzSec is a group that took unto themselves to uncover security flaws at several companies and organizations.
Hacking into other peoples data/property is illegal whether they misuse that data or not. But so is the negligence shown by the companies caught with their guard down.
Nobody but me should care if I leave my home unlocked but even if I do it is still illegal for someone to enter without permission. That's my home and my risk.
That's not the same if someone entrusts me with their property. In that case I become responsible for that property and I must make sure it is well secured. If something happens to that property I am on the hook.
In the LulzSec case, it seems that the authorities are only interested in the people that hacked the data, not on the people that didn't secure it properly.
If in fact LulzSec did not misuse the information, I'd say that the companies that didn't secure it properly are even guiltier as they are exposing OUR data to someone else that may misuse it.
Both are wrong, Both should be held accountable but it seems that authorities think that the real problem was the messenger, not the message.