I'm really sorry that this happened. We do our absolute best to secure your hosting, but the easiest way for a hacker to gain access to your passwords is to ask you for it. We find many clients use unsecure passwords and we strongly advise against this. While some passwords can be long and hard to remember, the best data security practice is to use randomly generated passwords (not related to birthdays, childrens names, etc) and to change these passwords regularly, especially for sensitive accounts that you can't afford to be compromised.
Please change your access passwords immediately. It would be best to change your cPanel access password as well (you can do all of this in ClientZone) just in case that was compromised. Best to also ensure that you brief your team never to click unsecure links in emails and never to give out their mailbox password under any circumstances.
You may also find that someone is spoofing your address. In which case you may need to send us the email headers received by the clients complaining so that we can try to determine the location the mails originate from and log a request with the hosting ISP to investigate the complaint.