> an account had exfiltrated thousands of files and shared them with multiple external accounts

I'm just questioning why she would email to multiple external accounts directly from her corp email instead of saving to 1 personal account and then sharing from there, undetectable, many times. And yes, they would still have detected the 1 email but I'm questioning the accuracy of this explanation; sounds partly made up to make it sound more serious.

Multiple external accounts could mean her lawyer's account and her own. Or 2 lawyers' accounts. The latter would help show she didn't distribute the files to anyone else.