Yes, and we’re very sorry about that. I don’t think we’re not taking it seriously, and as I did mention above, if people think we should be mailing everyone who could be affected and it will be useful rather than making them annoyed to receive the email, we will. I think the only difference is the understanding of whether a report is needed or not.
FWIW I did take the Spanish test @mfmeulenbelt linked to (which honestly was pretty confusingly written even for a native Spanish speaker ) and the automatic answer it gave me was basically “our system is not sure how to deal with this situation so we don’t know whether you should do anything, we guess you should probably let your users know, either contacting everyone directly or via a public notification if contacting everyone seems too complicated.” It felt like it was mostly meant for stuff like leaks of medical or financial data rather than emails and whatnot.
Hopefully you end up deciding to stay! But if you decide to go, thanks for all the good contributions in the meantime and sorry about the whole thing!
As an aside, given how un-seriously they took the whole issue with the copyright trolls we had a couple years ago, I don’t have a lot of trust on the WMF’s way of dealing with anything, to be honest (and I say this as someone in the board of a Wikimedia chapter), and my understanding is that a lot of users are unhappy with the WMF not taking them seriously for most things. But hopefully you’re right about that