Fiona_TG
LE

Given that the data is still missing, and everyone is staying tight-lipped about it, I’m leaning towards an initial cause being made worse by a problem with the backups. If the backups (and schedule) were good, they could have restored the data, losing only one day’s data.
Backup data testing is still low priority for many. This was one of the resilience layers I would mention but it went to the back of the queue and stayed there.
On the HO incident six days (and counting) is surely an SLA breach. Perhaps the DR option is ok but for some reason not yet invoked, sometimes the "we are nearly there" delays invocation and after a few hours without getting there the phrase is heard yet again so further delaying invocation.
To me this is a mistake, if you are confident you can recover to agreed RTO/RPO and other KPIs then do so and (assuming all goes to plan) you meet SLA and are fine, dither and go over and you are in trouble.
The time for scenario evaluation, threat analysis, risk management/mitigation and planning is before the event, at time of disaster it is too late and utterly pointless to sit down and start discussing such matters. You are either ready to recover or you are not, so make sure it is the former and go for it.