She thinks that it is inexcuseable that they have had such a breach and that no mention is made anywhere on their website to forewarn customers of the potential risks.
Once a risk’s been exposed it gets fixed, and generally the company takes a fresh look at what they thought was secure. I’d be happier with CRC now than most companies tbh. Lots of places have weaknesses waiting to be exploited/in the process of being exploited, CRC have at least one less.
As for “potential risks”, what ongoing risks do you want them to warn of?
Not going to entirely defend CRC, they handled it very badly, they were still saying “Maybe there’s a problem, it’s not been proved, and hardly anyone’s been affected” long after my bank were saying “CRC fraud sir? We’ll put you through to the team that’s dealing with those, but it might take a minute to get you through because there’s been blimmin millions” And I don’t think their public explanation was true, though there’s legitimate reasons to do that to be fair.