For the most part making your forum private is pretty simple, but there are quite a few changes you'll have to make throughout the administration panel to get the optimum amount of privacy. There are plenty of more complex thing that can be done but the admin panel offers tons of useful options too.
You can start in "AP > General > Forum > Categories and forums" by changing the permissions on your forums so that Guests can't view or read. Permissions are the icon that looks like an eye with a line through it. You would have to go through and change the permission on all of the forums individually.
Next you can go to "AP > General > Forum promotion > Search engines" and add a meta tag with the name "robots" and the content "noindex, nofollow" both without the quotation marks. This should keep sites and search engines from indexing your forum. After that you can go to "forums directory" just below "search engines" and select "no" for both "Participate in Forums directory" and "Be indexed on
www.motiontopic.net" then go down one more to "traffic exchange" and change that option to "no".
After taking care of that go to "AP > Users & Groups > Users > User options" and change new accounts activation to "Admin" so you determine whether to let people into the site or not, then select "No" for both "Activate Topic'it Connect on the forum" and "Automatically activates Topic'it Connect users" so people that want to sign up will have to go through the usual method instead of an alternative. After that go down one to "Profiles" and edit the "Display this field for users that are at least" under all fields to "Members" at least or higher if you prefer more restriction on who can view them. Do this for both the "Profile Fields" and "Contact Fields" tabs. After you've done that go all the way down to "AP > Users & Groups > Special Rights > Special rights" and change all the options that say "Guests" to "Members" or a higher level if you want more restriction.
After that, if you have the portal activated, go to "AP > Modules > Portal & Widgets > Portal Management > Structure" and change the permissions on all of the elements you have in the portal to exclude Guests. Then go down to "Forum widgets management" and do the same if you have widgets activated. I would recommend removing any social widgets as well like facebook, twitter, like/tweet and discord.
With that done you should go to "AP > Modules > Social networks > Facebook" and disable facebook connect and the like button, then "Twitter" and disable that as well, then "Mobile sharing" and select "No" there. If you have a roleplaying game going make sure to "AP > Modules > Roleplay game" and change the visibility to exclude Guests.
I, personally, would also recommend disabling the mobile version of the site and making a closed "Registered Members" group with the permissions to view and post to add established members to and leaving the default "Members" group with heavy restrictions on where they can post so you can screen them and make sure they aren't trolls before giving them proper access. Still, after all that you should have a decently private site. That said, the hacking issue may have more to do with the member's side of things than the forum's. You should ask your members to change their passwords on both their accounts and their connected emails as well as any emails connected to their emails. And change your passwords too, just to be safe.