The recommended email address for requests related to security is "security@letsencrypt.org".
In this case, however, it’s most likely that no action will be taken on our end because we will not be able to validate your claim. It’s not that we don’t want to help, the problem is that an investigation to determine the validity of your claim would be quite difficult. As far as we know, the certificate was properly issued to an entity controlling the domain, and if we were to revoke it based on a written request like this we could be denying service to a legitimate subscriber. I suspect you’re an honest person but that isn’t true of everyone, unfortunately. Denial of service attacks are a real problem.
The good news is that that certificate and the associated authorization will both be gone in < 90 days. This situation is one of the reasons we’re enthusiastic about short-validity certificates.