The "specific set of actions" is so vague that could range from just opening a specific company page and clicking on a button to performing a complex chain of steps.
This said, it's not that bad, that's true. But the idea of having the personal residential address exposed is not great either.
That vagueness is clearly designed to disguise the truth, being "going to his own company's dashboard and trying to view another which he didn't own and pressing the back key four times" https://www.bbc.co.uk/news/articles/c5y41p0dy1wo
As for the the personal residential address exposure, it is a huge breach. This website keeps certain Directors' private info private for very good reason. I look forward to the regulators, ICO, imposing an appropriately huge fine.
And just love the "if we find evidence that anyone has accessed or changed another company’s details without authorisation, we will take firm action." Firm action internally, right? Right?
This said, it's not that bad, that's true. But the idea of having the personal residential address exposed is not great either.