As far as I can tell, the sequence of changes was as follows:
The previously used email notifications (for failed login with incorrect master password, and for failed log with correct master password but incorrect 2FA) were originally introduced in PR #1870 (merged March 2, 2022), but subsequently removed in PR #5675 (merged May 9, 2025), as part of a decision to remove all use and mention of hCaptcha (an approach which was evidently found to be ineffective for throttling brute-force attacks). The email notification for login failure due to incorrect 2FA was then restored in PR #6178 (merged August 11, 2025); email notifications about login failures due to incorrect master password were not restored (and are still not used). And most recently, the number of notifications about failed 2FA was throttled to one email per hour, in PR #6227 (merged August 21, 2025).
I haven’t researched the pre-2022 history, but since then, there appears to have been a period of about 3 months (May to August of this year) during which no notifications of failed login attempts were issued at all.
I don’t know if any of the recent changes (specifically, the removal of all notification emails in May) might have been related to the introduction of the New Device Login Protection (NDLP) requirement in March — i.e., perhaps notification emails for incorrect master passwords might have been deemed less critical if Bitwarden could assume that all users have either NDLP email verification or 2FA enabled… ← [pure speculation on my part]