After reading the letter of the case study, several theories came to mind. One being Marxian economic theory, which states those with power exploit those without. Hackers were able to use technology to their advantage to gain access to a website and steal customers sensitive data to include name, address, phone number and credit card information.
Another theory that comes to mind is rational choice. The business involved did not notify the customers immediately after discovering the breach. They waited until an investigation was completed and took actions to protect their systems from malware. They offered suggestions to the possible affected customers on how to protect themselves from identity theft, but a year after the incident was discovered. It would appear they made the decision to protect their interest over notifying the customers right away so that the customers could take immediate actions to protect themselves.
Laissez-fare economic theory is also seen in this letter, as law enforcement became involved as a response once the crime occured. Efforts to mitigate the attacks were not seen until after an attack took place.