"We're disappointed in having fallen short here, and very sorry for any distress we've caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us."
You failed.
I'm getting very tired of these mass data breaches without any real consequence to the companies involved. I know that people should probably be not giving them this info, but I wonder how much is by choice - after all, if you buy something, you need to give your details, and I'm pretty sure you don't get an option to opt-in to the site keeping them.
It's high time CEO's were held directly responsible for these issues.