The U.S. State Department announced Monday that it found 23 “violations” and seven “infractions” in its review of former Secretary of State Hillary Clinton’s use of a private email server to conduct official business. The department also found several individuals culpable in “multiple security incidents,” associated with the scandal.

The department’s findings came in an official letter to Sen. Chuck Grassley (R–Iowa), who is in charge of congressional oversight in the department’s security review regarding the mishandling of classified information related to Clinton’s emails.

“To this point, the Department has assessed culpability to 15 individuals, some of whom are culpable in multiple security incidents,” Mary Elizabeth Taylor, the State Department’s assistant secretary of the Bureau of Legislative Affairs wrote in the letter, adding that as the investigation continues, the number of violations found will likely change. “DS has issued 23 violations and 7 infractions incidents… This number will likely change as the review progresses.”

Individuals found culpable of valid security violations or three or more infractions have been referred to departmental personnel for documents and potential disciplinary action, according to the State Department. Disciplinary consequences, however, are still pending.

“All valid security incidents are reviewed by DS and taken into account every time an individual’s eligibility for access to classified information is considered,” Taylor wrote. “This referral occurred whether or not the individual was currently employed with the Department of State and such security files are kept indefinitely.”

The revelations from the State Department follow a January inquiry from Grassley who sought information related to the security incidents and officials involved with Clinton’s private email server during her time as secretary of state.

The department said it expects to complete the investigation be Sept. 1, and acknowledged that the scale of the review was unusually large requiring a significant amount of resources.

“Given the volume of emails provided to the Department from former Secretary Clinton’s private email server, the Department’s process has been necessarily more complicated and complex requiring a significant dedication of time and resources,” Taylor explained.

No names of the employees found responsible for violations or security incidents were released.

Clinton’s use of a private email server to conduct official state business has plagued her public reputation since the revelations emerged in 2015. The allegations were used frequently by President Donald Trump on the 2016 campaign trail to attack the Democratic nominee.

On Monday morning, Trump renewed his attacks on Clinton for her use of private email on Twitter: