In my opinion, every company gets hacked. But I'm still hopeful that this is not going to become an actual issue for them. As there was no damage to users (no credit details leaked, no traffic etc) I think the issue on its own is not that serious. They could have disclosed it earlier, yes, but checking 5000+ servers for potential breaches has to take some time.