This is simple risk mitigation. If you force everyone to reset your password, then in theory this eliminates any risk for BA. the SITA hack may evolve over time as they know more. By forcing a new password, they are forcing the protection that this bring upon you. They can then point to this as a measure if anything were to happen.