The issue looks to be that they thought they had informed all the affected users back in 2015, but underestimated the set of affected users. The breach certainly wasn’t secret until today, they posted it publicly at that time: https://slackhq.com/march-2015-security-incident-and-the-lau....
I also believe they were aware of this problem in March of 2019 as I was forced to do a password reset on my affected Slack account from my password manager last updated timestamp.