At MtGox you can have two factor authentication. I guess there's an open issue as to whether this should be enforced on all users? If you have a sizeable amount of coins there, I guess it's a good thing to have..
Now, for all practical reason, no law enforcement agency will lift a finger for the theft of 0.7K USD. So MtGox will probably never hear from the police in this case, so filing that police report the user claimed to have done, will probably help nothing.
From MtGox's point of view, how can they know if a user is legitimate and was actually 'hacked' or that he did it himself and then later claims he was 'hacked'? If MtGox started to be 'nice' and reimburse in cases like this, you can be pretty sure the level of thefts would skyrocket because of it.
Also, I am not a lawyer, but I'm sure MtGox has their reasons for 'not being helpful' in cases like this. For one reason, it doesn't help their bottom line directly, which is a 'good' (not good from a customers perspective) reason to not help. As for not giving out information about IP adress used by the attacker, and other information, I don't know why they don't do it.
As far as MtGox is concerned, someone just logged in with a legit username and password, and transferred some coins. If someone lost 300K USD though, I'm sure there'd be court process to settle the matter.
I can think of ways to possible slow down or prevent cases like this though. If the IP used when logging in is another that usual, or if the time of the login is unusual, it could raise 'red flags' which could freeze the account until further communication with the customer was established. I don't know how much of this they already have in place.
Personally I'd rather have 0.7K USD frozen for a week, or even a month, instead of losing it.
