I received one of these letters and nearly tossed it out before noticing the buried lede in the middle of the fourth paragraph indicating that my information had been compromised.
Came here to say this! Only after reading about the leak here did I find the admission in the letter they sent, hidden under all this marketing copy about keeping you safe is our priority
and I missed that paragraph entirely ... I've also received, what apparently matches the description of the "smashing" in the original article, attempts sent to me, too. They were, to me, so obviously scams (the hostnames were suspect) that it seemed unimportant to notice the _real_ tracking codes used.
Now I'm more interested to know how this data leaked ...
