The attacks were initiated in November 2014, and used emails that appeared to originate from ICANN servers to dupe employees. The attack resulted in email credential being stolen, and now ICANN has also explained that its Centralized Zone Data System—which includes personal user detail information including names and addresses—was compromised. Information was also taken from the ICANN Wiki, as well as user account data for the ICANN Blog and the ICANN WHOIS information portal.
Currently, ICAN explains that it is "not aware of any other systems that have been compromised." While ICANN underwent a major security update earlier in the year, it clearly wasn't major enough. That said, it did say that the "enhancements helped limit the unauthorized access obtained in the attack." So that's something. ICANN is now working to ensure its security measures are watertight. [ICANN]
Image by Chris Dlugosz under Creative Commons license