And the only option left is to hunt the breach asking them one by one who's responsible. Use standard requests and beware of panicked personnel, especially if you bypass executives.