So yeah this is mostly what you'd called a data leak, not particularly a security breach per-se but that would depend on what caused the leak. If it was a misconfiguration for the cache it'll simply be that and a data leak. However if there was some nefarious access on Valve's systems to result in this it would be a security breach with Valve that affected users with a data leak. At most I think you can see the information and remove paypal/cc/phone number from the account but you not much else than that.
What was the response time to take it offline? 2hrs? Completely unacceptable. We'll have to know more if it's really a security breach or not.
Oh is it fixed now?
Very curious what an Xmas day response time looks like for security and data issues for various companies