According to the released blog post, the attack began in January. As of February and until the discovery on July 4th, users may have been exposed by the perpetrators. That means at least six months of a security breach.
When they were discovered, a thread was followed to find out exactly what had happened, Staff found that someone had applied modifyed Tor protocol headers to do traffic confirmation attacks. It remained on the network, undetected, from January 30th onward.