Well, not exactly. LastPass published the details of the August breach when that happened, updated that in September with more details, posted again when the November breach occurred, and just now posted with full details.
In each case, they acknowledge the incident quickly with what was known at the time and then followed up after forensic investigations revealed more details. There’s no indication that LastPass was concealing anything.
Let’s move discussion of the breaches over to the comments on the article I wrote about it, where there are actual details. This topic can continue with rolling your own password management solution, which might be fun for a techie, but certainly wouldn’t be safe for the vast majority of users.