I read through this news. I don't know if it was somewhere on this forum or in a news site, but according to the news, it was stated that the incident that led to the data bridge was not directly from them but from one of their vendors, which has quite a good number of customers, and the company is not ready to send mail or come out to the public to verify the claim and warn their customers directly as they believe it might affect their company's reputation.
So Nansen took it upon themselves to warn their entire user base, both from other companies that are using their services, to reset their password and also change their emails, as it might be that they have also gotten affected. By doing this, they know that the major people who are affected will be able to get the notification and do the needful.
This period, it seems like there is an increase in hacking activities. I don't know if there is anything that hackers have recently discovered, which is that they are helping them access large databases and doing their things without the security team detecting them, and before they could be detected, they had done a lot of damage to the company, either by making away with funds or data that will aid them in doing that in the future.
Yes, it was not Nansen themselves that was affected directly, but a 3rd party, a vendor that might be holding their data or is task to do the verification. And if I'm not not mistaken, it was a practice by some crypto exchanges as well. They hired a 3rd party to handle their KYC so that they wouldn't have the burden to do that everytime.
But it this case, Nansen just want to make sure and so they inform their user base to reset their password just to make sure that they are safe or at least the attempts if any will not be successful by those hackers or those who got the data right now.