That announcement should have clarified whether the communication they sent to Hetzner explicitly requested confidentiality. If not, the incident is as much Efnets's fuckup as Hetzner's. Why did it even need to contain such sensitive personal information about the sysop in the first place?
Even if their initial email requested it, wouldn't you assume that a large provider like Hetzner has at least partially automated their abuse handling? I wouldn't count on a human actually reading it before it gets forwarded to the customer.
