I wouldn't be to worried about it, and here's why:
For Anonymous, they're driven by strong moral convictions in their attacks these days (e.g. look at this puppy killer, let's fuck him up). The wayward person on the internet is of no interest to them. I've had my info posted on 4chan in full - address, phone number, email, facebook, screen names for other things, etc, with no lasting effects. Got spammed a bit, had some strange things arrive in the mail, but nothing malicious. They'll only be mean if they think you deserve it.
LulzSec is out there with a different purpose - they want publicity. The ddos attack they just ran wasn't to strategically take out services, it was to gain publicity by temporarily taking out unimportant but socially obvious targets. The CIA website was the public facing one, the only purpose it served was to be a PR job for the CIA. Smearing their PR site gets people looking. Smearing some random guy on the internet does not.
Basically, you're not important enough to warrant attention, nor am I, and nor are most people.
The impact of their attacks has more been a strong motivation to "get my house in order". I'd been using LastPass for some time but decided that I should get the YubiKey for two factor auth. I also started becoming quite a bit more vocal at work about the sorts of things it might be a good idea to take a closer look at. This is a wake up call for what's already happening. They just decided to do it and tell the public instead of sitting, waiting, and letting people continue to feel safe. If there's danger and it's at your doorstep, it's good to feel not safe.
Isn't YubiKey a fail-closed mechanism? Are you okay with trading a little extra protection from voyers with the possibility of losing access to the portion of your personal data that you deemed important enough to encrypt and vital enough still keep around as opposed to wiping it clean?
They saw some things they believed might be brute force attacks against weak passwords, so they reset the passwords of people who the attempts had been directed against. They also changed they way they handled repeated password failures to be even more strick. The basic database was not compromised and the passwords in the database are encrypted with the master password for the account so they'd have to be broken account by account.
Your question is more inviting than anybody speaking their mind. The one thing I thought when I read their statement was that it reminded me of A Clockwork Orange.
