As if their previous antics weren't bad enough...

To make it worse – they have only revealed getting hacked after someone literally published their private key on twitter.

References available on my source or by your choice of Internet search engines.

In my opinion, every company gets hacked. But I'm still hopeful that this is not going to become an actual issue for them. As there was no damage to users (no credit details leaked, no traffic etc) I think the issue on its own is not that serious. They could have disclosed it earlier, yes, but checking 5000+ servers for potential breaches has to take some time.