I'm not quite sure where to post this question, so appreciate that it may be moved.
We have an e-commerce site that is hosted and 'taken care of' by a professional third party. We have no technical experience ourselves , but I did a lot of DIY SEO and managed to get No. 1 positions for 4 chosen keyword searhes and recently achieved No.15 for the most elusive 'widgets online Ireland'
Whilst busy at other parts of our business in the run up to Christmas someone hijacked our site and used it to send out 38,500 spam emails bearing no relation to our business. The server pulled the site and it wasn't until I tried to access our logs and couldn't that I discovered what had happen.
The site was down for 8 days (just before Christmas) and now our rankings have dropped dramatically.
Is this action of closing down the site without asking questions or looking into the situation legal?
Should the third party looking after the site, who is responsible for the security, be held accountable at all here - or could this happen to anyone?
I'm obviously very mad but don't want to be unreasonable, is there anything I can do