Re: What ???
Troy did a blog post on it. Apparently some guy for reasons unexplained was connecting to random IP addresses on port 80 to find those with directory browsing which exposed database backup files and helped him(presumably)self to it. He then shared it with Troy who worked with AUSCERT to get it dealt with quickly.
Troy's argument was that since the organisation committed to actively contact those affected, since he had not shared it with anyone*1 and that the mystery guy promised he had not shared it with anyone else and promised to delete all copies he had personally*2, there were no further known copies of that data in the wild.
Now unless the mystery guy was some "friend of a friend", I'd be a bit doubtful that all copies were wiped securely. I would have preferred he treat it as a sensitive breach (even if he withheld notifications for a few weeks to let RC notify through official channels everyone they can still locate) but hey, his bat and ball, his rules.
*1 - I have completed confidence of that being true personally
*2 - I am somewhat less confident in that assurance.