What gets me in this situation is that RockYou is apparently "accepting responsibility" for this breach of security, admitting that users are susceptible to identity theft if they use the same email/password across multiple platforms (including their bank accounts). I mean, if they are "accepting responsibility", would it not be the actual responsible thing to do to offer some sort of protection for their users? I am going to generalize here and say that the "type" of user who would be using RockYou probably is not the same "type' of person to use multiple email accounts/passwords, thus by deduction a good portion of their user base is probably susceptible to identity theft and they do nothing about that? Very responsible.

They are notifying users, what else can they do? The passwords are already stolen.

“Locking down everything is complete,” Shen said. “Our security approach in the future will have to be deeper.”

I'm not sure how much I believe someone who says that after storing his passwords in plaintext.