MoonshineMidnight
Pixel phones with stock OS have a feature that allows you to install applications remotely, not sure if this could realistically be used for an attack but its possible. Regardless a lot of data is uploaded to a google account automatically anyways.
Regardless, it was most likely them going through their google account. OP hasn't given a lot of information on what information they had exactly, but that seems like the most realistic guess.
Hacking is a fairly complex, expensive, and sometimes just not realistic thing.
Anyways, for the OP
I doubt your router of all things has been compromised, unless there's information im lacking that could justify it. Its just not a thing that really happens when compared to much less complex attacks. I wouldn't even see the point in hacking your router either. You would have to monitor the traffic and assign IP addresses to domains/websites to get any useful information and HTTPs does not help either. You might be overthinking things.
No security system will be perfect either, attempting to cover extreme situations like zero touch exploits/malware on your router is going to simply take away resources towards effective security practices.