Hacker News
LastPass Security Incident Update (lastpass.com)
23 points by dgrin91 on Feb 27, 2023 | 5 comments


"Backup of LastPass MFA/Federation Database – contained copies of LastPass Authenticator seeds, telephone numbers used for the MFA backup option (if enabled), as well as a split knowledge component (the K2 “key”) used for LastPass federation (if enabled). This database was encrypted, but the separately-stored decryption key was included in the secrets stolen by the threat actor during the second incident."

So our 2FA info (the LastPass Authenticator app) is unencrypted and in the wild?


It's not clear to me whether this is the seeds for the individual items in the LastPass Authenticator (bad; means effectively your 2FA-protected vaulted items are rendered only password-protected), or the seed for your LastPass Vault 2FA (still bad, but not nearly so much; means effectively 2FA for your LastPass Vault is rendered null).


They still couldn't even get the comms clear on this point.


Might be easier if they just list what hasn't been stolen


Everything but your master password (which they don't hold). So everything that these incompetent ** had.



