Robert_Charlton - 11:14 pm on Nov 1, 2012 (gmt 0)

Re other aspects of this...

Nothing is deleted! Its all there still on your server.

Only if not over-written. Not sure whether that has been explored. Yes, it would be wise to consult with a data recovery company. The backup server might be the most recoverable area, but if the hacker was doing it for ransom and he knew what he was doing, it's likely he wiped the data. If you have an auto-backup script, turn it off until you've thoroughly check the backup server. You might have daily and archived backups that weren't touched which can be pieced together.

Try to avoid further activity on your hosting servers that would overwrite what's already there.

Much would depend on how your server was set up or how the disk was partitioned. You'll need to work closely with your web-host, and fast. I'd think that considering the server was hacked, the host would be eager to work with you to avoid further damage.

Definitely explore, as TheMadScientist suggests, getting as much as you can from the people who did the customization. Not sure what content you can get from the WayBack Machine, but it's worth checking.

Cached pages, as phranque suggests, may be a source of page copies. If you were indexed by Blekko, their Premium SEO Tools offer page source and cache. Perhaps they would work with you to make some sort of bulk download available... I don't know. Other "alternative" engines may also have cache data they'd consider making available for bulk download. I'm guessing that the large engines won't, but I don't know that either.

Re the the username list, there's a whole question of what sensitive material the hacker would want to retain make use of even if he did sell it back to you, and how to deal with that.