6 years past customers names and birth dates etc... nice
I am quite sure that as it was a "backup" they never harassed (marketed?) their ex customers and just kept this for the sheer joy?
Even though I am not blighty based I would wager 30% of my right testicle that they will not get fined for GDPR breach due to backups being difficult to access and partially delete afterwards. Except for the magical hackers who just got access passing all the difficult bits by with a wave of the black hat.