Comment by QuantumGood

If the passwords are still not known, the "breach" is not a fail for the end user. If the master password to the vault is secure, and the only way to the vault is still only through the master password, it's still doing what the end user wants it to do. "Breach" is meaningless without qualifiers.