I don't know for sure either, but reading the FAQ, it seems like this wasn't a 3rd party hack but perhaps two employees abusing their privileges. I can picture a bored front desk clerk performing a large number of lookups on customer data - perhaps targeting celebrities or persons they know. If that's the case, then somehow Marriott's system monitoring was smart enough to differentiate potential misuse of data from normal usage patterns. Scenarios like that are more nuanced and the question would be when to report it as a data breach.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho