We don't have an auditing function to tell you. I believe that would be something an Active Directory admin could find out for you though. Do check the event logs on the Unity server and see if there is anything in there that might elude to what happened. Otherwise this is going to be an AD admin issue.
From your Unity server, you can run under System Reports, the Administrative Access report. This should tell you what admins accessed the Unity SA and deleted the voicemail subscribers. You can also check the Security event log on the Unity server to see who logged onto the server.
These are the paths to get to each CCX logs through CLI. They may be helpful if you are having issues accessing RTMT or downloading logs through it.
If you want to download them you have to prefix "file get " and you can add one of the options (re...