...
IT partnered with 10 Lb to investigate the root cause, and logs point to outdated/unsupported DNN module vulnerabilities as the entry point. It appears the site was hacked but there was no data dump.
The top most immediate concern at this point is malware and user vulnerabilities. However, the more critical issue is
Assessment from 10 Lb:
TDIC is on a version of DNN that is right in the middle of many security vulnerabilities; 10 Lb said “right in the middle of the worst.” The top priority is upgrading the site to the most recent version of DNN.
...
Set up clean instance of TDIC from an older the oldest backup, with no content (conventional wisdom would indicate the breach actually occurred prior to 9/8/2020, and the hackers waited a certain period of time to exploit it)
Remove any problematic modules; upgrade those that can be upgraded
Export PackFlash content into Easy DNN News or other secure module
Upgrade DNN
When the site is upgraded/stable, import the content and assets
...