DigiNotar knew about and hid the attack. I don't believe there is any evidence that the CA/Browser Forum knew about the attack until it was made public.
Right. Well the attacks (and emergency revocations) go back at least to March with Comodo. Vasco/Diginotar had auditors and outside security consultants in June. Maybe not CAB Forum per se, but I'm not so sure I believe that no one was notified of anything. There are likely some serious contractual disclosure obligations there, perhaps even criminal WRT the Dutch government.