This might be related to your case – or not.
On the 22nd April 2020 security company ZecOps publicly disclosed that Apple Mail had been exposed for about ten years to 0-day remote code execution vulnerability CVE-2020-9819. They claimed that the vulnerability had been widely exploited before eventually being publicly patched in iOS 13.5 after about a month on the 20th May.
Many in the security industry were extremely worried: the vulnerability allowed attackers to remotely execute code in the context of Apple Mail by sending a crafted message, without the need for user interaction. In order to access the operating system attackers would also have needed an additional privilege escalation vulnerability. Still if your hacked accounts could be reset from email accounts managed by Apple Mail, then in theory that might explain the incident.
In general I advise you to remain calm and use caution when faced with an incident. Even professionals are under pressure and have a hard time with attribution. Any big employer would steer clear of such actions as they know that they would backfire tremendously. If you were hacked, I’d rather guess it was a third party or a specific member of the IT.
Anyway for an informed option on your case I believe one would need the reports and possibly the forensic artifacts.