200,000 Restaurant Depot clients affected by hack, 16days to notify clients

Restaurant Depot has finally let a rough number 200,000 of accounts from clients that was stolen in a November attack. The company was alerted to the hack on Nov 9th but failed to notify its clients of the hack until 25th of Nov? why is this that it takes them 16days to get this done? The main problem we have in this situation is that in the world of money it cost the company less to keep it secret for as long as possible therefor they can still have the income making money and still possibly not loose as much in the end. If they was to notify customers as soon as they found out without confirming anything then they would loose a lot of money if they had made the wrong choice or a mistake. Now the above sounds bad, but in a business world it is just how they roll. Governments of the world could change this but then would this mean we are back to having to trust our governments to "fix" everything or be in control of every aspect of our life’s and what we do. The one good thing about this problem is that Restaurant Depot, in its letter to customers, said it would reimburse them for any costs they reasonably incurred as a result of the breach. For example, if customers are required to pay any fraudulent charges on their credit or debit cards, or if a bank charges a fee for replacing the compromised cards, the wholesaler will cover the cost. the letter can be found here At the time of publishing the website for Restaurant Depot was offline, https://www.restaurantdepot.com more on this at bankinfosecurity.com