The 'hack' either occurred prior to March (6 months ago) or it was a 'hack' of data that was stored at a supplier/2nd site. Either way, any 'damage' that would have happened including stolen names would have and/or should have happened well before now.
Codes have been changed, more than once, and if your names do not stay locked always (regardless of who your registrar might be) you probably should not dabbling in the art of domain investing.
Until/unless someone can legitimately report he/she has had a name stolen I'm not going to worry too much.
Back to the first paragraph, if the data was hacked 6 months ago, why did the hackers wait so long to make a production about it? Were they trying to extort Epik in the meantime or did they just manage to get get access to off core storage?