Their complete lack of security let 15 year old children get in with a 17 year old well known vulnerability that they were warned to fix yet did not fix. She "doesn't know if it was avoidable"!? Framing it as dastardly criminals that couldn't possibly be stopped is entirely in the realm of make belief, when they have failed to implement even basic precautions.
She has no business being in a position responsible for individual's data when she is so clueless. An example should be made of their negligence in protecting our data so that other businesses take it seriously, otherwise if you get off with a slap on the wrists why would any business bother to put any money into doing it properly?
Forget terrorism, the biggest threat to cyber security is a spineless ICO that lets these businesses and government orgs make the same schoolboy errors over and over. They need to be knocked out of the bad processes and habits that repeatedly lead to big data breaches.