It's no laughing matter. If the person/people who had been using your connection had been using it for dodgy stuff like credit card phishing, massive large scale spamming, or worse stuff such as kiddie prawn, it would have been you that was liable and would have to prove your innocence. If it's your connection that's being used it would have been taken as read that it was you engaging in these activities.
It's well known that the WEP security protocol can be hacked very (VERY) easily and is as good as useless. One of my work colleagues posted a link on our internal intranet showing to a, quite frankly, horrifying, page that was essentially "Noddy's Guide to Hacking into WEP". No technical knowledge is needed, all the tools to do it for you are readily available so if you're using WEP encryption thinking you're safe then think again. By using a dictionary attack, WEP can be broken without too much effort. By using a pre-shared key as long as your router will allow and using a random character string it will make hackers life very much more difficult.
If your router can use WPA, or better still WPA2 - the WRT54G can use WPA I see - then you are as good as safe. WPA has been cracked but if you use a long, ideally 63 characters, totally random character string for your pre-shared key then it's likely the hacker will have died of old age before he can break the code.
A useful tool for generating long random strings that can be used as keys, see:
https://www.grc.com/passwords.htm
If you can get WPA working then it's the best option.
Duncan