I don't think anyone needs to worry about CC info. It really depends on how he got access to the server. Chances are all CC info is stored in a SQL database. And the MySQL server could even be else where than the wickedlasers server. But even if it was, he would still need to gain access to a different area of the server, which I would think is much harder.
All that info was probably taken from any one of a number of DNS data gathering sites. I highly doubt he tried an SQL injection, mostly because that kind of data is so easily obtained elsewhere and is not representative of what would be in a SQL database. Databases are used to store things like purchase data. They can also be used to store site data (such as descriptions of lasers) if Wicked uses a standard CMS, but there's absolutely no need to have server data like the hosting provider in a database.
tl;dr: he probably just used any number of DNS utility sites which display standard data like that (it's all public)