Irrespective of whether is is a genuine excuse (which quite frankly it doesn't) you should never send personal identifiable information UN-encrypted, they clearly have access to a computer otherwise how are they communicating with you and it is not hard to reinstall GPG and ask for your public key again, either very lazy vendor or outright suss, either way I know what I would do.