Maybe you have entered your private key in a phishing website.
You can't identify the hacker only with that address. It seems that the account was new and created solely for that purpose (storage of stolen tokens/Eth). There's no outgoing transaction as of yet and the address continue to receive tokens.
What I noticed was most tokens received were limited to Utrust, PHI, STP, SPA, SDE, TKT, ebit, COPYTRACK, Transmission, GlobCoin Crypto Platform. Does one of these tokens send you an email or let you fill out something connected to your wallet? If yes, that might be the cause.
I agree. Phishing is one and more accurate way of hacking private keys and accounts here in this industry that is why we need to get rid of this kind of modus. We are responsible of what will happen to our funds. There a lot of prying eyes that wants us to be a victim so much better to have situational awareness at all times. Take note that all transactions are irreversible so watchout and double check the site you are visiting.