I've recently been receiving "Grand-Palace" and fake LinkedIn spam on an email address that I used to register with geni.com in 2010. This address has not been used for anything else. It has not been posted anywhere else. It's never sent an email, it's never received a non-geni email. It's not an easily-guessed address that a spammer would hit just be shotgunning my domain, I've never had a spammer shotgun my domain, and it's set up in such a way that a spammer couldn't distinguish that address from any other on the domain, so there's no reason anyone would hit on it randomly.
Geni.com's privacy policy states that email addresses are never provided to third-party advertisers without explicit permission. I don't recall having given such permission. So the question: how did the spammer get this address from geni.com? Was this an intentional or unintentional leak? Why haven't I been informed about this leak?