Now that you discovered system ‘penetration’. You never listened my advice on the ‘bug’ . Take this advice again.
Master log that has given you the info can be deleted, system auditors can check the audit trail and discover the ‘service’.
Ensure whoever gave you info makes database schema for the whole database or atleast the log files.
Then invite credible firm to audit and make a case in supreme Court that is largely ‘analog’. Mass action ‘DON’ T.