I've been hard on CDPR throughout this launch "situation", but in this case I'm willing to cut them a little slack.
The hack is a big deal. They likely have to discard files going back to good backups before the hack. Depending on what the IT forensics reveal, that could be days, weeks, or even months worth of work. Plus they then have to implement new security measures to make sure it doesn't happen again. More security always means less access and slower work processes.
Is it possible the hack is a "the dog ate my homework" excuse? Sure, but it's a very plausible reason for a delay. If the 1.2 patch is as extensive as they hinted in this latest statement and goes smoothly, then I think there will be a lot of forgiveness for the delay. If it's a big dud like 1.1 was and introduces new problems, CDPR will need their asbestos underwear for all the heat they will get.