Nutanix, a cloud-computing software and services provider, said an internal investigation into its misuse of third-party software—software intended for evaluation and available at no cost—has resulted in $11 million in estimated payouts to the vendors involved.

The San Jose, Calif.-based company said on Wednesday that the software, which Nutanix was supposed to only evaluate, was instead used for business purposes by “individual departments,” and certain employees intentionally concealed their actions to one of the vendors. The inquiry also revealed a “material weakness” in internal controls on financial reporting, which led to an “immaterial understatement” of expenses and liabilities going back to August 2014, Nutanix said.

Nutanix’s audit committee concluded that software from two vendors was used in a “noncompliant manner” over multiple years. Those misuses included “interoperability testing, validation and customer proofs of concept, training and customer support,” the company said.

Nutanix estimated cumulative expenses of $11 million as a result of the noncompliant software usage, representing “the estimated accumulated amount for past usage of evaluation software” over a multiyear period, a spokeswoman said. The company also expects to spend low-single-digit millions for “ongoing usage of the software on an annual basis.”

Chief Executive Rajiv Ramaswami said during Wednesday’s earnings call that management discovered the misuse during a software purchase review, and that it continues to use the software for “non-production use cases.” Rukmini Sivaraman, the company’s chief financial officer, said Nutanix is in contact with both vendors, which she didn’t name.

“We’re pleased the investigation has been completed. We determined that it was not material to our previously issued financial statements and, we believe it will have minimal impact going forward,” a Nutanix spokeswoman said.

The internal investigation, first announced on March 6, resulted in Nutanix’s failure to file its Form 10-Q for the quarter ended Jan. 31 with the Securities and Exchange Commission in a timely manner, it said. The company also said it received a notification of deficiency from Nasdaq as a result of the delayed filing.

In the Form 10-Q filing, submitted Wednesday, Nutanix said it found “no evidence of wrongdoing by current senior management or by any members of the finance, legal, or accounting departments.” The company also said it terminated the employees found primarily responsible, and that it plans to implement employee training regarding financial reporting, buying software, and ethics, and additional controls over third-party software usage.

Wendy Pfeiffer, the company’s former chief information officer, resigned in March “to pursue an external opportunity,” a Nutanix spokeswoman said, adding that the company is searching for her replacement. Pfeiffer declined to comment on the matter.

After announcing its internal investigation, a federal securities class-action suit was filed against Nutanix in the Northern District of California on April 14, alleging the company made “misstatements and/or omissions in certain of our financial statements, news releases, and SEC filings” from Sept. 21, 2021, through March 6, the company’s filing also said. A separate complaint, filed May 5 in the Northern District of California, alleges “breach of fiduciary duties, and aiding and abetting breach of fiduciary duties” based on similar allegations as the class-action complaint.

Nutanix reported an 11% year-over-year rise in revenue of $448.6 million for the quarter ended April 30, higher than analysts’ estimates, and a loss of $81.2 million, narrowing from $112 million in the year-earlier period. The company, which once primarily sold networking equipment and now focuses on selling software for managing data centers and cloud infrastructure, went public in 2016 and had explored a sale last year.

Jason Ader, an analyst at William Blair, said Nutanix had essentially used the software “for things that they needed to pay for, and they were not paying.”

“It was a kind of a breakdown in financial controls, which they talked about, they’re addressing now, but it never should have happened,” he said. “There’s definitely an abuse of software-licensing privileges out there, but this particular type of scenario I have not seen until this case with Nutanix.”

Financial controls deficiencies are more common among younger companies than mature firms like Nutanix, Ader said.