It was discovered that many staff accounts are set up with the non-staff e-mail (e.g. where password reset requests go). We should do an inventory of current staff and board accounts and ensure they all point to @wikimedia.se addresses.
This is also a good opportunity to remove/restrict any old accounts that still have access.
This should not happen before T202420: Follow up on possible server failure/intrusion is resolved as that will likely involve reverting the database.
Result
Email addresses changed to *@wikimedia.se for three accounts. Roles have been removed from all accounts except those we agreed should keep theirs. It turned out that some of the accounts that we decided should keep their roles, did not have any roles assigned. This has not been changed.