Another thing we should do is try to find out if there are any common ordering patterns with people who received these letters, we can probably narrow in on what happened (ie: which vendors talked / had piss poor security and didn't wipe addresses, or if the server itself was seized with plaintext addresses still stored on it).