I am trying to catch up with events too. Looks like quite a bit has transpired when I was asleep. That said, KPMG did report that the system was vulnerable in a way that could allow someone with the right credentials to tamper. Specifically they did not seem to have logs(info that tells you who did what when) in place at the time.
That was my casual reading with MOON Ki 's helpfulness. I should do it justice and read it in full. It's likely to be the subject of litigation soon.