January 13th, 2006, 02:33 PM
#31
Member
Hello Dynamoo!
It does sound like your overall approach is good though - you need to look at the issue from a "whole business" perspective which is what you are doing.
The latest news I received on this was that we were being advised by a very strong law firm in the IT area. I heard they were going to collect evidence of the intrusion. I don't know if they actually did it, but I think they should have done it by the time I write this.
As I mentioned before, the intruders did not gain access to system tables. All they did is figure out how to call our stored procedures, with proper parameters to perform their business operations. They could (but they didn't) stop performing some validations that our front end apps do. However we cannot allow them anymore to do this. Also, there is some economic interest on our side, because if they don't use our front ends, they are not required to pay for some licenses.
They did show us that there is a big open door to enter our systems. Some malicious people may get in, and that would be a disaster.
Personally, I did enlarge my vision, because, when I was first assigned to this, I looked only at the technical aspects. Now everything must be balanced, and the most important things for us are to continue to operate, not to lose any customers, secure our systems, implement intrusion detection systems, and always be in the clear legally. Only that! lol
Thank you!