shell we have a game of "how was it done?"
No details have been released about attack and I do not know what happened but the most common attack that I seen that gets data out of an organisation is the following
1) Spear phishing attack to an admin to deliver the dropper via a URL from a hacked wordpress site
2) Second stage down loader exploits one of the following (Office, Adobe, IE) to gain kernel level access
3) Creds for key systems harvested
4) Data accessed with Creds
5) Data exfiltrated via the web proxy
Or an un-encrypted USB stick left on a train.