Thanks Panthers007,
If you take that letter as factual, it would seem that the breach originally was not their fault, and when they were told it was not true, persisted with their own investigation. Now, I think there is a good possibility that they could have done more in the early stages, but i don't know if there is some legal restriction they were working under.
I am prepared to give them a pass, subject to increased vigilance. If the rest of don't, it's your money, your right to do what you feel is best for you.