Consequences for Hacking?

T-Mobile was the victim of a hacker for a period of one year, possibly continuous. This hacker, Nicolas Jacobsen, was able to access all of the customer records and personal data of T-Mobile customers. Nicolas then offered this personal data for sale on-line, even offering the data to Secret Service agents, who were investigating him at the time. Nicolas also accessed the classified email of a Secret Service agent who was using a Sidekick for email purposes related to open and active cases. According to Kevin Poulson at Securityfocus.com, the sentencing for this crime will be a maximum of 5 years. I can hardly see this as adequate punishment for the crime that was committed. I do not think that this type of consequence will deter other criminals and prevent identity theft! I realize that Nicolas will probably be able to aid in the prosecution of other hacking cases, but the ruin that he could cause to the thousands of people whose identity that he may have stolen will follow them for their entire lives. Nicolas will serve 5 years and get out to start his own consulting company which will make him a millionaire at 30. Is this fair?