Re: "implemented additional security safeguards"
And cursory auditing of a website, a first-look to see if something raises a flag in order to investigate further, is a rudimentary joke that takes only basic skills. Drill down through your directory structure and look for signs of recent changes in the timestamps.
That's it. Yet, as you well noted, not a SINGLE person bothered to security check the website on an ongoing basis?
The entire IT department either needs a humiliating spanking or an outright firing. As you, again, well noted, not a single person could figure this out and accomplish a simple, continuous website oversight, never-you-mind a true audit?!