But, looks like they lost, Apple checked, didn't find evidence of a breach and won't be paying.
Kind of glad, though, that I don't use Apple devices...
The theory I read was that it was reused credentials from that massive LinkedIn breech, so no wrongdoing on Apple's side, just a lot of people with reused passwords.
That reminds me, I need to change the code to my LinkedIn account... It's the same as the code to my luggage... 😀