If not attacked and the page says not attacked: trustworthy.
If not attacked and the page says attacked: not trustworthy.
If attacked and the page says not attacked: not trustworthy.
If attacked and the page says attacked: trustworthy.
As long as the page says "attacked", it seems likely they were attacked? Why would they state it themselves if it wasn't true, losing trust for no reason?
However, there is a thing called “defacing”. In the process, the attackers share false information implying that more damage was done than in reality.
My general rule is to stop trusting a compromised digital system until I hear from a person (journalist, in this case) confirming that the control over the system has been restored.
If journalists do not verify the facts themselves or via trusted (human) sources, it’s not journalism but syndication.
Realistically, the news was published yesterday and the notice is dated a week ago. I doubt that a company of IT experts would have failed to take a fake notice down. But I stand by my assessment of TechCrunch journalistic standards.
If not attacked and the page says attacked: not trustworthy.
If attacked and the page says not attacked: not trustworthy.
If attacked and the page says attacked: trustworthy.
As long as the page says "attacked", it seems likely they were attacked? Why would they state it themselves if it wasn't true, losing trust for no reason?