It is difficult to know if a web site has been hacked. The logs on all of the sites I've examined show SQL injection and other attacks numbering in the thousands. Most sites have millions of brute force login attempts.

That means that the first sign of a breach is malicious activity. Web sites usually learn about the malicious activity via third party reports.