Peter it may be that they did not get access to the email but simply mined your contacts list, have you looked at this ?
If it does not appear to have actually come out of your system through your SMTP servers then this is also possible. Someone mine your contacts and then uses the email ID to send them out from a totally different dummy account to your contact list, masked address so it looks like you. This is a common phishing attack.
I would start by looking at what applications have access to contacts on the phone and laptop. The usual range of nasties like Farcebook try and copy your contacts up to “make life easier” and then if they have a breach the list can be stolen from them. This list is then sold on and used for phishing.
Not much you can do once it is out there but I am guessing you probably are aware of this with your experience ?
