From TFA, it was logs from "9th of August 2019 to 11th of October". Keeping two months of web logs isn't that unusual surely?
Although if ours started hitting multiple TBs, I think we'd probably shorten the retention period right down.
Maybe the data breach was deliberate. This way people will download their logs, and then there'll be backups that they don't have to pay for :)