"We have no confirmed evidence of any customers suffering fraud or financial loss as a result.”
Always love seeing this line used by any company investigating a cyber attack or breach. Just because they have no evidence, doesn't mean it hasn't happened. The reality is that there is so much data already out in the wild, that information from multiple breaches are more likely to be combined. Therefore making it virtually impossible for any indvidual company to find "evidence" that their breach caused fraud or financial loss.