For some reason the alleged hackers (who were trying to steal wallets with a trojan in the executable file that was included in the leak, btw) didn't include the 3 last months in the transaction lists.

It's reasonable to believe they stole the coins during this period and then tried to steal even more with their release of the documents.