Are we surprised?

No.

Will this kind of breach occur again?

Probably.

Although we can set really high standards for privacy and security, the very nature of the Internet and the companies involved in connecting us and providing content has a small element of risk.

The best way to defend ourselves is hold service providers accountable so they police themselves.  But even that is a reactive rather than proactive approach to the problem.

AT&T Admits That Former Employee Illegally Accessed Customer Data

Thanks to Mashable