Many users were logged in as root in the system.
Multiple people log in as root routinely? My advice, which admittedly doesn't help with the question at hand: If the data on these systems is valuable at all, then run, don't walk, to hire people who have more experience in security than the ones that are in charge now.