Take a deep breath there, cowboy.
It makes sense to offload e-mail delivery to a dedicated party. SMTP best practices, RBLs, proper headers, server capacity, bounce handling are essential to responsible e-mail campaigns.
Almost no business has the intimate knowledge required to operate such a thing in-house. The BEST thing to do it outsource it to a mailing list provider. And the best practice op top of that is to just copy name + email address to the third party, as they have done. And after the breach they have informed their customers proactively too.
Srsly, they did everything 100% right.