how do you know that no customer data was affected? did you work with github and scan all uses of your keys? how do you know if a use of your github key was authentic or not? did you check with anthroipic/openai/etc to scan logs usage?

It's really hard to trust a "hey we got this guys" statement after a fuckup this big

That's why countries should start to legislate on these matters, there are no incentives in focusing on security and properly report to the customers such vulnerability.