Yay! Welcome back!
A few questions.
1. Is it accurate that our Email was only in that list if we were getting the newsletter? Should I be worried about getting spam on that email account?
2. You said that we should change our passwords, but I thought that the passwords were only vulnerable if the user had not logged into the phpbb3 version of this site?