Just determine the IP address, this can't be that sophisticated, and then delete all the records with that IP.
But really you need to address the source of your problem which clearly seems to be that your company has bypassed the registration in an insecure way and the attacker is doing an injection attack.
