Edit - just read they reported it when realised they were the source. Did they not report anything when the incident originally happened?
The way I read the NBC article, it didn't look like Blue Toad knew they had an incident. Looks like we'll never find out now anyway since they seem to be saying they wont send notifications to those on the list but instead leave that up to the individual applications.