Are they kidding?
"but reputational damage could be 'far greater'" ... what reputation? Who wrote that?
Britain's leaky outsourcing behemoth Capita is warning investors that the clean-up bill for its recent digital break-in will cost up to £20 million ($25.24 million). At the end of March, the business was blindsided when criminals broke into its tech infrastructure and stayed inside for more than a week before Capita realized …
If the statement refers to the original response then it could mean "we couldn't trust the data so we had to delete and restore it". Even if the CNC part of the breach only refers to an outsourced cleaning contract, you don't want someone wandering around HQ with a bogus cleaner's lanyard.
But yes, erased information can be restored and compromised information remains irrevocably compromised.
There is certainly a massive lack of transparency as to what went wrong. Personally my bet would be on a subcontractor brought in to administer systems on the cheap, a la Lapsus v Okta.
Because 0.1% sounds a lot smaller than 1 in a 1000 when they have millions if not billions of records that may have been accessed. Most of the general public don't "get" percentages, especially when it's a smallish fractional number so it leaves a sense of nothing too serious happened and if it did it was only a little bit.