Data Protection consultant here - this is, factually, a breach.
Merchants can store credit card information. However, that data must be encrypted (PCI DSS Rule 3.1).
This paste-eating mouth-breather, opted not only to store payment information, but he sent it out 1) Unencrypted and 2)...