I was notified with two separate emails. I subscribe to their security posts (https://wpenginestatus.com/latest-security-update/), and got a separate customer email 12 hours ago informing me of the issue.

They emailed everyone who ever had a login. I got an email about it and I was only added as a user to help manage an install 2 years ago.

I maintain that I never received an email from them. Not in spam or otherwise.

Depending on the timeframe and how many customers they need to email, they do need to stagger sending otherwise they can be blacklisted.

TalkTalk (UK ISP) got public backlash for using the media to announce their compromise via the media before notifying customers by email. The CEO said, the media was the quickest way as sending that many emails would take days.

I suppose that makes sense. Still a little disconcerting that I haven't received one yet.

Well then maybe you should contact them and your email provider and find out why you didn't get the email. From the other comments, you seem to be in the minority on the "finding out about it via HN first" front.

Check your spam. I received an email about 12 hours ago (4:40am GMT).

They notified us at 10PM EST last night.