If GoDaddy released the email address, then all the person had to do was go Google that email address and most likely they would have found it. Or, they could find it using DomainTools whois lookup (if they didn't use whois privay on ALL domains they own at all times), or use Gmail or Google Plus to find out who is associated with that email address.

Once the email address is given out, then it's just as if someone had all their personally identifiable details.