Oops
What IOActive have unwittingly done is demolish an entire business. Cyberkey has a thriving business based on an extensive range of products and systems. Demonstrating that they're not that secure will undermine this business, possibly terminally, so you'd expect them to fight back. They do have one thing in their defense as well. Their keysystems may be cryptographically crude but they're adequate for the use that they're being employed for -- after all, you don't need sophisticated algorithms to defeat their locks, a crowbar or bolt cutter will do the job.
Using the DMCA is a dumb move, though. Surely the better thing is to talk to IOActive about minimizing the damage that disclosure will cause and coming up with a plan to remedy any shortcomings in the existing product line?