I think when it comes to data privacy, full disclosure immediately is always the best policy. Obviously they can say, "Hey guys, this happened but we're not sure about the scope yet." At least let people know that it happened as soon as possible.
I work in an area of law where data privacy issues come into play, and that's generally NOT how we handle the situation. You have to know (1) what was disclosed/breached, (2) how much of it was disclosed, (3) how long ago the disclosure happened, (4) what kind of risk you're actually talking about, etc.
Just saying "There was a breach of data" doesn't really help and is more likely to cause a panic. What data? What's the real risk here? Is this a big deal? Whose data was taken? Is every account affected? Did they get financial info? Home addresses? Other sensitive ID information? Or did they just raid everyone's profile page to make it say something about enjoying the male member?
If I'm running the company, the MOST I'll do is say there was a hacking attempt, some data MAY have been taken, and we're currently doing everything we can to figure out what was taken, how much of it, etc., and by whom. We're working with the authorities on this, and will keep our customers updated with details once we know them ourselves.
A statement like that (A) at least gives folks a heads-up that SOMETHING is up, but (B) also cuts down on wild speculation by making it clear that we do not know the full scope and nature of the breach, but we're workin' on it.
--EDIT--
Also, I'd feel perfectly fine PLAYING right now. If anything, it'd show that someone else isn't on your account. Change your password, go play, and if you get booted off with a "You have logged in elsewhere" you know something's up. Otherwise, keep a weather eye on your credit card/bank account/paypal account info, and report fraud ASAP if you see it.
The sad part about this and stuff like identity theft is that it happens so often nowadays, that credit card companies and banks are better prepared to deal with it when it happens. I had my identity stolen a few years back, and it was taken care of pretty easily. My credit card company helped me, the ratings agencies got my account scrubbed, and really all I needed to do was fill out an affidavit and have it notarized. For fraud charges, I just dispute the charge and let my 800lb gorilla go fight on my behalf.