What would be the damage: Are you domains safe. Now, your info, name address, list of your domains may have been stolen. Even your pw may have been stolen. What now, will you lose your domains. First change your pw. The hacker can still have access to your pw and login to your account from his device (and you can probably check if this happened). But can your domains be stolen, there are two ways to transfer, one with authcode, and another with push. Authcode is not displayed anymore (?: not shown to us at least), and emailed to admin contact. So unless your admin email was also stolen your domain can't be moved to another registrar*. What else can happen: theft via PUSH, or SALES via Epik's own marketplace. Epik must do something about it, and I bet they did. ... So, the important thing is making sure your admin contact email is safe. *Can admin contact be modified from Epik, if so this would be a big risk.
Nameserver changes should also require verification (if new ones used at least).
Another thing: The hacker can sell his own domains to you using Epik marketplace (but this would be very noticable, and probably not happen).
Other stuff: hosting, certs etc are more complicated, and can't say anything about it.
Can such data be used against you in UDRP, yes, but I think this would count as an illegal use.
Finance: use a low limit card, and monitor it frequently. How about cards used in the past?
You can consider moving all your domains elsewhere , but this can mean an enormous renewal/transfer cost in a short period of time.