This is one possibility. Another possibility may be, if the breach happened several years ago, due to MH (and S7) using SITA's GDS/CRS. SITA may have stored a copy of membership numbers, names, and tiers. Both MH and S7 migrated to Amadeus afterwards. At least in Amadeus and Sabre, you can get the name match confirmation and tier status using a member's membership number almost instantly, and it is my understanding that Amadeus and Sabre each has a local copy of the information.