As far as Valve lying about their security breach, it would be a horrendously bad idea to tell people who've just had their credit card information stolen that all is well.
No one is claiming that. However the idea that Valve actually knows the extent of the breach at this point is wishful thinking.
Not that this means they aren't lying, but I really don't see what they have to gain by doing so.
By downplaying the breach, Valve can quell a potential firestorm of customer complaints and negative media attention. So long as a long list of customers' credit card numbers has not been publicly disclosed by the hacker(s), Valve can continue to downplay the breach.