Ok so I want to stress that either option would be a bad scenario. Eroids is run on an older version of Drupal CMS which was prone to hacking before. This is exceptionally bad if you (like many others) communicated thru messages on there about orders, personal info etc. I addressed this in our old site about the database and how messages are stored their unencrypted. So any hacker or anyone with access can read all user messages if they wish.
This is common enough that a couple weeks ago Drupal put out an article on what to do when your site gets hacked.
Lets say there's a server issue with bad management. The last backup was over 10 days before. It is a bad standard in network administration and a site active like eroids would need nightly backups. A hard disk failure is extremely unlikely and seems they are just looking for a reason to give instead of saying "hey we dont know what we are doing and lost everything recent."