They brought in outside IT oversight afterwards.

That's very bad news for the IT leadership, basically they are not trusted. I'm assuming there will be some turnover there, but you have to be careful about how you terminate critical IT people lol... better to ease them out on mutually agreeable terms.

If you just have security escort them out the front door, they might forget to give you that extra bit-level encryption key they put on the main hard-drive array

IT staff is like IT hardware... if you operate with thin backups (I assume they do) you need to be very careful about disruption.

Tech world is full of stories along those lines. Best one was a dude at startup who began as a contractor building their core systems, during which time he licensed to the company some code that he had developed previously and owned as IP. The license continued for many years, for a trivial amount that accounting handled automatically. Eventually the company got big and they hired him as a full time employee.

Management changed and they lost visibility on the fact that this guy owned a key foundation of their system. He had it setup to require a license key update on some periodicity, which he had been taking care of all along. They eventually fired him under contentious circumstances and hustled him out the door. Then their systems stopped working when the license didn't get updated. They had to pay the guy tens of millions, way more than it was normally worth, because the alternatives would have been to rebuild their code from scratch, or try to sue him which would take years if they even won.