So essentially they randomly cut off a bunch of long time maintainers for some vague legal and/or security reasons. If there was real reason to do that in a hurry, that's what we need to see, not a corporate PR message.

100%. I assumed this was inspired by the supply chain attack, but what a horrible way to address this. Reverting it back before revoking it a second time is even more bizarre. Severely mixed messages from leadership, perhaps?

It’s not clear to me - did they entirely cut them off, or did they reduce their role as admin of the GitHub org?

If so, I'm not defending it, and I could understand why someone would feel insulted by that - but also get why an org doesn't want too many with elevated privileges.