Lawyer speak
"A simple statement that passwords were hashed and salted used industry best practices would have been more reassuring."
If the passwords are secure by being hashed and salted, that's probably what the IT guys said. But then the PR people would complain than 99.9% of their customers wouldn't understand what that meant, so it was dumbed down. Then the lawyers got involved and asked "is ther any risk, no matter how slight, that passwords might be compromised". Anyone in security (or science) is loath to use words like "no chance", "impossible" etc, so yes, there is a risk, no matter how small. The the lawyers write the PR release and arse-covering "advice" to change passwords.