This is genuinely something I hadn't considered. A test tenant may have been in a more than ideal position to stage phishing attacks from. Hopefully this is the case, and not a more concerning lack of disclosure or shudder NSL situation.