Hmm. If you have a domain that's used for business mail but not a Web site, that suggests the compromise was on your mail server. That might be down to a problem with you (if you used weak passwords--attacking email servers with brute-force password attacks is starting to become a thing these days, I had one of my email servers attacked a while ago), but if you used robust passwords, it's more likely down to a security problem on your ISP's end.
Nowadays, using really strong email passwords is a vital thing if you don't want your email account and/or server commandeered to pump out spam.
