There are other ISPs and companies who have done substantially worse things and seem to have gotten away through a couple of paid editorials. Leaks of those nature will always happen, but then it is more important how the company affected reacts and does damage control. CW did what was necessary. There are other companies who denied similar incidents for weeks (FWIW - do a search on Pastebin for some prominent SA domain email suffixes and you will see what I mean) without taking ownership.
Whatever makes you warm and fusssy on the inside