If you find that a password has leaked out after analyzing the audit log, change the password immediately.
The legitimate user may not be able to access the box because the password has been fraudulently altered. The administrator must contact the user to confirm the situation, and if that is the case, he/she must address the problem either by changing the password or by deleting the stored data.
If a stored document cannot be found or its content is altered, unauthorized actions may have been occurred. If that is the case, similar countermeasures are needed.