However, there is an important twist to this plot:

I have received that email to an email address which I used _only_ for CampBX.  (I use distinct email addresses for distinct services/companies, e.g.  "campbx-myusername@mydomain.com"  I do that to track the sources of spam, and to block a specific email address when I start receiving spam through it.)
Only me and CampBX knew that this email address existed.

So CampBX customer's email list _was_ compromised.

It would be great to have a reply or a statement from CampBX regarding that.
Anyone?