Some small tips:
1) Change your BRS password.
2) Change your password on any site where you used that same password. If you are an average human being, you probably did that a lot of places.
3) Stop doing that. Use a password manager, and use unique passwords for every site.
I break into computer systems for a living- the difference is I only do it when hired to do so and when I get in I provide the administrators with a report on how I did it and instructions on how to fix it. (It's called "penetration testing" in the computer security industry)
If the attackers got your email address and BRS password, you can bet they will try that same email and password on other sites, since they know most people don't like to remember multiple passwords and tend to use the sames ones over and over. The old adage used to be "never write your passwords down", but I actually feel you are safer to use unique passwords everywhere you can and write them down if you need to. Just make sure you lock up or secure that piece of paper when you aren't using it.. maybe keep a backup in your safe deposit box. I think most people can relate to physically securing a piece of paper more easily than they can the electronic world.
As for BRS, while I'm sure lots of people are mad, they appear to have done the right thing here. They detected the breach, called in experts, rectified the problem, and notified their customers. Not all companies are so forthcoming, and depending on the circumstances they sometimes aren't even legally compelled to notify their customers (though I have no idea what legislature applies to BRS)
If you think this is atypical, you should probably know that penetration tests by a skilled tester are more often successful than unsuccessful when the test isn't hampered by a tiny scope ("Only this unplugged system, only during this 5 minutes of the moon cycle, and only while the tester is yodeling" etc.)
