"unsolicited emails to our clients" - either it's bad wording, or they admit that the mailing database was also accessed/used.
Hopefully, Namecheap customers will be informed soon about what is going on.
Fortunately, I didn't receive any such spam or phishing emails.
Note though that I had had ongoing concerns about the security of their privacy services. As a result, upon request last month, Namecheap had completely removed from my account any connection whatsoever to their "
Withheld For Privacy" subscriptions. There had been unusual issues showing up on my account, such as unexplained FT listings and wrong Whois information.
The privacy company used by NC had an outdated copyright of 2021 listed. This did not inspire confidence. If a company responsible for significant privacy and security can't even get the year right on their main web page, can they be trusted for the bigger stuff? I'm not sure, but I didn't want to find out.
Hopefully, that privacy company is not where the current breach happened, but admittedly I wouldn't be surprised if it was. And the company may be unrelated to the other ongoing security concerns in my account, but removing it seemed like a good start for now.