It's shocking that companies can take this attitude when a security breach is brought to their attention. Companies are now so afraid of the media scandal and backlash that follows, they would rather flatly deny that problems exist.
A similar thing happened to me with Nectar, they insisted the details used in the e-mails I was receiving must have been guessed. Which, is highly unlikely.
There should be a better mechanisms in place forcing companies to check or prove their security is appropriate and hasn't been breached. There are lots of IT professionals using services and are very quick to spot when something doesn't look right.
I guess people need to take their custom elsewhere in order to make these dinosaurs listen.