Fortunately this isn't as bad as the PSN fiasco. Its still not good to have your personal information leaked like that. That could lead to further security breaches for the people who's data was stolen.

Just received their e-mail and my first reaction was that it was spam, but on further reading I was convinced it's genuine. At least they're transparent about what happened.