An unauthorized third party has BREACHED all (or some, or several or a few, or none) the security controls. So Yes.
It is time for cyber literacy. And a bit of cyber security awareness.
This is a ridiculous statement. If someone unauthorised has accessed data that they should not typically have access to, it’s a breach. Nothing more, nothing less.