Perhaps the attacker determined how the software interacts with customer information, by reading the source code, and was able to exploit the information somehow.