I do appreciate that disclosure after a breach can help retain or even regain confidence. Whether it is after a bank-robbery, a data-breach: owning up to having made mistakes is not necessarily bad.
However, this CEO needs his head examined. Simply changing your T&Cs to make your customers sign that only an idiot would entrust the company with their money will invariably come out as "I am not responsible for what happens to your money when you pay me" which will lead to a resounding "WE ARE NOT RESPONSIBLE FOR YOUR POOR SECURITY.....YOU ARE".
Mocking customers killed Ratner's too.