A hacker stole $7.5 million from the endowment funds of
The Jewish Federation of Greater Washington, a non-profit from Maryland in the
US.
Such security incidents perfectly illustrate the dangers
of working from home, as the hacker compromised the personal computer of an
employee working remotely. CEO Gil Preuss made the announcement in a virtual call
with employees, according to a report from The Washington Post.
While the FBI is now investigating, the agency refused to
comment. The little information shared by the non-profit indicates that other
funds belonging to the organization remained untouched.
The hack was only discovered on August 4 by a security
contractor who noticed unusual activity in an employee’s email account.
Preliminary information shows the hacker had access to the system long before
stealing the money, as early as the first months of summer.
The organization has only 52 employees, and they are no
longer allowed to use personal computers for work. The investigation continues
as the security specialists take a closer look at systems and servers. An audit
will determine if the hacker compromised or stole more than $7.5 million.
“It is all heartbreaking and devastating in so many
ways,” said
Preuss. “It’s the combination of how could this happen, how could it be
prevented and how do we make sure we can still focus on the critical issues in
front of us.”
With so many people working from home, cybersecurity has
become the new challenge of IT departments. It’s difficult enough to secure
corporate-issued hardware, let alone the personal computers and devices of
employees.
Such incidents are rarely random, with threat actors
directly targeting people within organizations who have access to financial
accounts. Not using personal devices for work should be the bare minimum for a
company or non-profit with people working remotely. A close second is mandatory
cybersecurity training for employees.