Luckygirl3, I'm sorry this has happened to you. From what you say, I assume that your address book data was taken in a data breach online, not from your device.
You could increase your safety on line by opening a second email acount (with a different provider) to use and set up as a recovery account. It is useful to have a second account - mine is used for emails that I mostly will delete and for unimportant transactions. However, when I access my main email account online (not through the app on my device), I get texts on my mobile phone to say my account has been accessed and if I didn't access it, to let them know. This is also followed up by an email to my recovery account saying the same thing. I get plenty of warning about access to my email account. It might be worth considering. A recovery email address will help if you accidentally get locked out of your account as well.
You may know all this but it could be useful for others to consider too.