Apparently the email was sent by a service called “Mandrill” which is a “transactional email platform from MailChimp”. See also https://www.mandrill.com/
Since the sensitive content appears in the message body of the emails, one imagines it might have been a bug on LE’s part when interacting with the Mandrill service. If so, shame on you, LE, and one hopes a strict process will be put in place to prevent this in future.
On the other hand, if Mandrill’s service was responsible for the leak, then as a provider of the very kind of service one expects not to exhibit this kind of fault, they should be sacked outright.