Good for them...
I think the university is doing the right thing. They have said in the past they dont intend to include details of how to clone the card so that everyone else can start doing it, and this kind of provision of information and awareness to errors to the entire security community could prevent similar errors occuring in the future, as well as educating people to how to find and prevent them. If the chip maker has an insecure chip, fix it, dont sue the people that inform you its not secure. To the best of my knowledge the university hasnt been joy riding around london on a free oyster card!
Has intelligence and education become a thing to be feared by chip makers now, so much so that they feel they have to stop people learning from past experiments and research?
[Paris, because she can relate to NXP's clueless nature.]