I would not call hacking if someone is not careful enough in handling their backup, it would be pure negligence used by someone to simply gain access to another person's private keys. It is the same with fake hardware wallets sites that are trying to trick inexperienced users into entering their seed online, or if a user is sharing his seed with someone else (we see such example on this forum), and another person is just clean all accounts.

To hack hardware wallet hacker actually need physical access, which in most cases is an impossible mission. What would be far more dangerous is a remote attack, but it would have to somehow exploit the vulnerabilities of the user interface and the hardware wallet itself, possibly combined with some vulnerability of the operating system.

I'm not going to say it's impossible, but pulling a seed out of a hardware wallet with a remote attack sounds like science fiction at the moment.