When your first Apple product was stolen, and you failed to act responsibly
by not changing passwords, or engaging known useful methods to reduce
that incursion (published by Apple, in various support articles online, etc.)
..That 'left open' access to your personal information, for undetermined time.
And was in your own best interests to update or change those settings to
to avoid this kind of intrusion, when your products are taken, or are lost.
You've had a run of bad luck, gone worse; by not addressing lapses in security
that followed a theft of your products. ~ The thieve(s) then continue unabated.
• If your Mac is lost or stolen - Apple Support
https://support.apple.com/en-us/HT204756
• Change your Apple ID password - Apple Support
https://support.apple.com/kb/HT201355
Do these things to prevent anyone from accessing your iCloud data
or using other services (such as iMessage or iTunes) from your Mac.
(Could affect an iDevice; if nothing done to change its settings too.)
And that security -where you are personally responsible- now honestly is your fault.
It could happen to almost anyone; aside from high-end methods used by agents.
That 'root user hack' was more likely some opportunistic thief who took
a chance; that some may have not used Apple's built-in security wisely.
Even insecure wi-fi router may need some attention: change password?
Hard to try & know how events unfold to others; who make honest mistakes
and probably had no idea what was within their control; before issues arrive.
