Aww, the press shedding crocodile tears...
I would be more inclined to side with the press if it weren't for the fact that the press themselves more than often work without any scrutiny or morale at all. A major accident or catastrophe? Lets make as many pictures as we can, preferably from people who actually got hurt. Who cares if they might be improperly dressed or if the police hasn't had the time to identify everyone and inform their next of kin (in case of a fatality). That is more than often a regular journalist at work for you.
As to the incident itself... Everyone who knows a tiny bit about computers knows better than to blindly click on a link in an e-mail. No matter who it's from. It wouldn't be the first time that spammers try to impersonate someone else (like an African lottery agency).
Also important: it's not as this was a destructive piece of malware, all it did was call home; send back any available (contact) information. I agree that there are always risks, but in this case nothing too major. This was a carefully orchestrated pin-point attack, and I honestly can't find too much wrong with it.
I'm happy to hear they caught that annoying SOB.