...
Each admin must evaluate for itself whether their installation setup may have unintentionally leaked PII and decide whether and how users should be informed.
4. Exploitation detection
A set of processes have been documented for identifying potential cases of attempted exploitation; these are based on identifying existing log4j usage and scanning logs for variations of the "${jndi:ldap:" string.
https://www.trustedsec.com/blog/log4j-playbook/#_Exploitation_Detection
https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b