There are n number of ways to track when a mail server of an organization is accessed through webmail or any other manner from within/ or outside the organization. It all depends on security policies and implementations whether it is being done or not. If the rules are defined in the firewall, the logins can very well be looked into and analyzed.
If you have 5000 employees in your company, you need not go and as them for a report. They won’t be having it, it will be available with your IT administrator. But point is in what capacity you can ask, that you have to see.
Frequent logins or long hour logins do not imply hacking.