@OP they have been tracking for many years. “Leadership” discretion on what to do with the info. For example IT repeatedly reported the below suspicious activities to “Leadership” and they turned a blind eye for many years.
Multiple CDSIDs daily using one CDSIDs laptop to sign on. The activity nearly always between the hours of 5 pm and 4 am. This was reported for years, then after one “Leadership” shuffle an LL5 asked how this could be. The investigation uncovered that a non-Ford employee was being paid by a group of Ford IT employees to do their work. None were capable of doing the work they were hired to do. Further investigation uncovered an even larger scam.
A CDSID regularly signing on from different continents on the same day. Again ignored for years until there was a mistake made by that CDSID when signed on from India and corporate data was deleted. The owner of the CDSID residing in Michigan fessed up that he had given his CDSID and password to a friend in India who was helping him.
Individuals spending less than an hour logged on in a month. Lengthy list. This was a part of reducing costs. Why does a person need a laptop for 12 hours of use a year? Could they use a tablet/phone instead? Ironically many of these people were in IT.