I think that's quite an assumption that they'll be able to prevent something like this (or worse) from happening again. Perhaps they can "plug the hole", but the infiltrators (and/or copycats) will likely be emboldened by success, the media coverage, and the applause they're getting from a lot of folks (just read the comments on Ars, for example).
Let's imagine that perhaps the goal this time was simply to embarrass Epik and destroy a lot of folks' trust in them.
Let's imagine that customer's financial data wasn't leaked this time around, perhaps domains weren't stolen (yet) this time around.
Who's to say the next attack won't have more of a financial objective (such as domain theft, cc theft, identity theft, ransomware)?
(To be clear: I personally don't know the extent of the damage that's been done, or will be done as the data is spread around the net, sold or otherwise makes its way into the hands of various parties, etc)
Will a second attack even be necessary for this to get a lot worse for folks whose sensitive data may now be "out there" already?
Sooo many questions... it's unbelievable to me that people are doubling down before even seeking answers. Do people seriously value their domains/finances so little? Do these folks not realize that there are now going to be a LOT less people willing to set up an account at Epik? I would advise that anyone who's hoping to sell their domains do a simple Google search for "Epik" and see what potential customers will be seeing. It's not very reassuring.