Inside job definitely.
Data leaks is something every provider is worried about 24/7, even if you are investing money into it, is never guaranteed (WHMCS exploits, SolusVM exploits // 0 days ,etc). Quite unfortunate this happened to them. Still it can happen to anyone.
Nice to see everyone...