I'm not sure if you're making an argument or just ranting. But in case it's an argument: the best behavior for the company is to say "ups, we fucked up", work with the hacker to fix the issue and maybe send some cash his way. The second best behavior is to deny the issue and work on fixing it. We didn't have a chance to see that, because 3 day deadline. It's even possible the initial denial was by a non-technical person, and it took more than 3 days to even escalate to somebody able to do something about it. We're not talking about just a guy with a laptop here, fixing this would most likely involve multiple people, both technical and non technical. Quite possibly somebody approving a budget and so on. That's why I said a 3-day deadline is hilarious.