Which will earn them a prima-facie charge of obstructing justice, by the simple act of a warrantable search request to said cloud providers (who are required to comply by law) asking for the details of the account that's seen loaded on all those computers.
Though I don't doubt you can evade justice a little by running everything from the cloud - that leaves an audit trail as long as your arm through Google/AWS/whoever you used detailing every action you took and is likely to be much more incriminating than anything on the machines themselves.
The bigger problem you have is that really all the ICO need are your telecoms devices/logs. Much more interesting, direct evidence of infringement, and probably what caused this to happen in the first place.
Again, though you could do everything over a pseudo-anonymous SIP trunk with multiple providers, hiding that information for a significant length of time is beyond your control and in the hands of the industry that is offering those services and which you're giving "a bad name" - the SIP trunk providers, telecommunications suppliers, people allowing you to use certain phone numbers, cell-phone equipment providers (for spam texts etc.) and so on.
More likely, they've seized a bunch of PCs with a huge spreadsheet of numbers, a few dozen cellphones or 4G dongles with a big pile of SIM cards next to them, and a bunch of email accounts talking about exactly what they've been doing.
Because to be honest most criminals, especially those in office jobs only casually infringing the law in pursuit of sales, are as dumb as rocks.
Biting the hand that feeds IT
