If I had been TDO, I would simply ask them not to send me emails with HTML content. Text is good. Attachments which can be viewed off-line on a separate machine. Anyway, it would be naive to think that TDO haven't taken any counter-measures to prevent a leak of their IP address. Probably some virtual machine and firewall rules.
Just shows how out of touch they were. To think that TDO would have logged in exposing their IP is laughable. They have the skillset to pull off such a major hack and then they are going to simply hand over their IP. I think not.
It doesn't say what kind of file. Probably something trying to connect to their server, and they thought that they could find out from which IP address the connection came.