Where does it say the database was stored on their computer? It doesn't, it says they had read only access - so the attacker presumably used their system to read from the live database.
Ah, misinterpreted that. My bad. Still, if this was the case of the leakage, I would've pulled out the whole thing while at it.
As for which tables were leaked - the user table is the most interesting/damaging? Who cares about the order table?
Well, the most damaging is probably the user table indeed. It would've been worse if bitcoin addresses and their values were connected to those users. There is speculation on who owns alot, etc. Could've been informative as damaging as well. Same for the orderbook. It would give some insight on who thought what of the value of bitcoins. I would care for that info I guess.