It seems rather odd that the person who was hacked hasn't come forth and identified himself.
I can assure you, if it were me, you wouldn't hear me identifying myself publicly.
What is there to gain?
The ridicule and/or hatred of thousands of jerks on the internet!
Once again, there was a period of time between the alleged hack and the decision to do the roll-back. You would have not said a word publicly during that period of time? You would have been satisfied that MtGox was going to 'make it right' without even knowing they would do a roll-back?
And why presume ridicule or hatred if the hack was no fault of your own?
Speaking for myself, if I had even a thousand dollars' worth of bitcoins trapped/lost in an exchange, I would have raised some very public holy hell. It's only through open conversation that others might be made aware of the situation, beyond what MtGox is willing to provide. And, quite frankly, you cannot simply presume that MtGox is giving the whole truth, or even any portion of the truth.
MtGox has said that they'd be responsible for 'gross negligence' only. And supposing that gross negligence did take place, how much might MtGox twist reality in order to keep you from seeing the evidence of that negligence?
If the auditor account was used to hack the system, and/or dump the usernames/hashed passwords, etc., then the auditor account likely was granted more access to the database than was necessary for the performance of their audit. That's negligence on the part of the database admin... and quite possibly rises to the level of gross negligence. http://en.wikipedia.org/wiki/Gross_negligence