Very smart using a VPN!
I did notice that the credit card number is salted and hashed so at least that part should be pretty secure.
I wondered about the hashtags in the place of credit card data and think there are two possibilities. One is that GSG doesn’t keep that information at all once the payment has been processed and stores it on their database as hashtags. The other is that the hacker replaced the CC data with hashtags once the spreadsheet was prepared. There may be a limit to how many crimes that idiot wants to commit. I think it’s probably the former but, to be prudent, I cancelled the card. Judging by his manifesto, the hacker is either heavily indoctrinated and completely clueless, or he’s a government operative. Oops. I was being redundant.