It does sound like they are sensibly trying to make sure they know what led to the hack and to protect against it before bringing everything back up. As it was a server hack it is entirely possible that it wasn't even targeting CAMRA in any way, more likely just spammers trying to take control of a server.

The one thing that has always bothered me from a security point of view is the fact that to log in (at least when I was a member a few years back) you just needed your membership ID and your default password was your postcode. That means that if you know a members postcode you can have a fairly easy stab at getting into their account - I'd guess at most 7 hours to brute force it without arousing much suspicion.