So what did your Contingency Plan say for handling that case and still maintaining compliance?
You did do contingency planning, right? After all, that is a pretty essential part of the process, plaqnning for how to handle the situations where things do not go according to plan.
Every time we do any work, we always have a full contingency plan to account for how we will handle any failures, from minor things through to everything going tits-up. This we share with the management teams and, for big projects, our end-users as well, to give them the confidence that we've got the situation under control and that even if chaos reigns throughout, we'll have them working safely and securely in some defined manner.
Things go wrong in even the most meticulously prepared project. That's just a fact of life.
The true test of a properly planned and managed project is how you cope with those unforeseen things, how you ensure your customers are not screwed.
Sure, I get that users don't read their emails and miss important info, I really do get that (and with that aspect, I fully sympathise and empathise with you).
But I do not for one second think you have any justification to complain about them with regard to the passwords, given that was entirely a failure of your own making - lashing out and blaming them and threatening them with dire consequences next time because YOU failed is not an attractive trait.
We can either learn from them, or do what you are doing and lash out at others.