You're an idiot if you leave "reams of personal data" available on a message board database, but that doesn't mean the people who steal it aren't cowardly fuckstains who should be strung up by their atrophied little scrotums.
While we should upgrade, this particular vulnerability is only in 3.8.6, which we aren't at yet. If we'd been up to date, we'd be vulnerable.
I suggest doing it on the fly, with no safeguards or backups. Be sure to lose most of the Gray room, and anything posted by Baba.
It's also much more expensive, no? And utterly incompatible with every hack for 3.x, or so I was told.
I run the Vb 4.05 CMS on my forum, it's pretty good, costs about $300 (requires a brand new license, but the license is for life).....but I think the biggest problem you might face is rep. I haven't been able to find a hack that displays rep comments in the thread, it seems like a lot of the previous coders for rep modules have stopped updating their hacks....so unless there is a workaround that you may know of personally, it's something to consider before going all the way to Vb 4.
I'm not sure how licensing works. I would assume they're doing what they used to though - lifetime upgrade version available, 3 year upgrades, 1 year lease, etc? Therefore it would depend on which version you went with?
^^ They only do outright licenses now (with an available upgrade if you bought the previous version within 1 year)....but at least as recently as 8 months ago when I bought Vb4, the purchase of the software is outright. No leases anymore.