What?
At no point has there been a material security breach and no credit card details have been compromised.
But... isn't that how the guy found out about the problem? So surely there HAS been a material security breach and credit card details HAVE been compromised.
And seriously, what kind of inept company did they use if they left all their logging in the release build? I mean, some logging stays in sure, but nothing on the sensitive data. After this I don't think I'd ever use the app no matter how many 'security updates' they release.