If drip-feeding the details is an intentional strategy it is a stupid one. Keeping the negative story in the headlines for a day longer means it will reach more people and draw more attention.
Not just that, this drip feed of information makes formulating a proper response very difficult.
If, for example, you deleted your account after the first report in August (a rational decision), you have no way of checking what iterations setting you had, now that people are talking about it.
It's also unclear whether you will receive any data breach notifications detailing the exact impact to your data, since your account is now deleted - do they keep a history for "post-fact" situations like this?
And of course, if you didn't keep a backup of your passwords before deleting your account, you'd have to reset everything to be sure.
Terrible, awful company with no respect for their users.
There's not really any benefit to deleting the account other than forgetting they're untrustworthy and accidentally using them in the future. I would think it's better to change all passwords (at each service, not at lastpass) and leave the account at lastpass active, precisely to be in the know for such things in the future. That's unless I'm misunderstanding something about their service that makes it better off to delete the account. I've never used them.
They still have a list of accounts, email, usernames, even if the passwords have been rotated, plus whatever happens to be in secure notes and the like. Deleting the account is really easy (has to be for EU customers) and they're obliged to delete all data they hold on the user (under EU law), so I don't see any reason to let that kind of data sit around on an untrustworthy party's servers. I certainly won't need a reminder that they're untrustworthy.
