Dont shoot me, I am 'just' the messenger..maybe not

John M Perry, the head of the payment processing firm that was hacked to expose 40 million credit card numbers, told congress that his company is facing imminent extinction because of its disclosure of the breach and the industry’s reaction to it. ‘As a result of coming forward, we are being driven out of business’, he also added that if his firm was forced to shut down, other companies will think twice before disclosing such attacks. First, if a company does not disclose an attack, not only will it be driven out of business but also face charges for not disclosing the attack. After this attack, a lot of processing companies will be monitored regularly so I don’t think any company could get away by just keeping silent about the fact that they have been hacked. Second, after an investigation was carried out by Visa, it was clear that CardSystems knowingly violated contractual requirements for how long credit card data were supposed to be stored and how they were secured. So what is John Perry trying to tell us? Is he trying to tell us that his company should be forgiven for their faults which exposed millions of consumers to possible fraud just because they told us about it?
Would you forgive them?