Yes, it had to be used with other datasets to discover individuals, but Netflix ignored (you say acted in good faith) this possibility and decided to go ahead.
They were ignorant of the implications of the data they released. They didn't saw the possibilities that their costumers could be found. They were stupid and reckless.
The problem is that you're thinking about this situation as the researcher, the person who wants the data set to play with. Put yourself into the company's shoes. You want to improve the recommendation algorithm. You hold a contest, which needs the costumer data to work. But you know that your costumers won't be happy to have their info released, so you go and anonymize the data.
See where I am going? You had an idea, executed, but the consequences were bad. Imagine if car companies acted this way, one morning an engineer comes to work and puts a new brake system in the company's car already in production thinking it'll be awesome and work ten times better than the previous brakes. Without rigorous, government and industry trials, experiments and tests.
Good idea, poor execution. Netflix doesn't have "good faith", they wanted to improve their recommendation algorithm. They wanted to profit. Now, I don't have anything against profits. But it's naive to think Netflix did this for the benefit of mankind. They had their own reasons, and to achieve that, they've broken a promise to their costumers. They said: Hey, we'll keep on our database this information, but don't worry, none will ever know it.
But then they go and _relase_ costumer data, _thinking_ it's sufficiently anonymized. They were wrong. Double mistake there. The "hacker" wasn't alone in this, "he" had a direct help of the company which was supposed to not let this happen.
