The fact that you have been up front with as much of the details as you can provide is a mark of real professionalism. Very few companies with a breach have actually let their users/customers know while still investigating the attack. That is the difference between being focused on making money versus being focused on the community. I am new to Nexus, but after reading this post, I have to say, "Yaay! Someone is getting it right!"