The guard rails I'll be following will be around the original blog post created by Darian Patrick in November 2016. I'll do my best to fill in what gaps I can.
The attackers targeted a small group of privileged and high-profile users. It is most likely that the attackers were using passwords that had been published as part of dumps from other compromised websites such as LinkedIn. Compromised users confirmed this, reporting that they were in fact recycling passwords across multiple sites with known password dumps. There was no evidence of system compromise.
What information was involved?
There is no evidence of any personal information being disclosed beyond usernames and passwords.
What was done about it?
Improved alerting and reporting to identify dictionary and brute force attacks
Extended password policy to mitigate attacks
Director of Security, Wikimedia Foundation