I'm pretty sure this is for legal / PR reasons. From a purely technical perspective, if Valve set their encryption system at all correctly, then no security would be compromised by revealing the used algorithm. And yes, as far as the actual cryptography side of things goes, I do know what I am talking about. That said, after a breach of any kind it's a common policy not to offer comments. They don't want to officially make statements like "the encryption is unbreakable, no CC numbers will be leaked" for fairly obvious reasons. Edit: Sort of confirming this viewpoint is Valve's phrasing that they won't comment because this is part of an "on-going investigation".