As the vendor of @Mail we'd like to give our feedback
* Plusnet had been using an older unpatched version of @Mail, based on the 4.X branch of the software. Their install was over a 12 months old, and was not kept updated with our latest versions
* @Mail has not been identified as the security breach for their database, this is to be confirmed. We are not aware of any bugs that do so.
* Our company takes security seriously and regularly updates the software, and are working with Plusnet to have their systems running the latest version of @Mail.