[BreachExchange] Hackers steal $7.5 million from Washington Jewish endowment

Destry Winant destry at riskbasedsecurity.com
Fri Sep 4 09:59:24 EDT 2020


https://www.jta.org/2020/09/03/united-states/hackers-steal-7-5-million-from-washington-jewish-endowment

(Washington Jewish Week via JTA) — Federal and international law
enforcement agencies are investigating the theft of $7.5 million from
the United Jewish Endowment Fund, an arm of The Jewish Federation of
Greater Washington, and diverted to international accounts.

The theft was discovered on Aug. 4, but made known to the federation’s
board on Wednesday after federal law enforcement lifted a blackout on
the information, federation CEO Gil Preuss said.

Preuss said the funds were taken from a single organization’s fund
managed by the United Jewish Endowment Fund. The endowment’s
donor-advised funds and the federation’s own endowment were not
touched, he said, nor were other organizational funds managed by the
United Jewish Endowment Fund.

Preuss, federation President Mark Levitt and Deborah Ratner Salzberg,
president of the United Jewish Endowment Fund, reiterated that message
in an email to the federation’s board on Wednesday.

“We want to assure you that from our internal investigation to date,
no donor information, no other agency funds or individual donor
advised funds invested through the United Jewish Endowment Fund and no
Annual Campaign or COVID-19 emergency funds of The Jewish Federation
of Greater Washington were compromised,” it read.

“They weren’t going after personal information,” Preuss said. “They
were going after dollars directly.”

Asked if there was evidence that the hacking was a hate crime, Preuss
would not speculate.

He said he doesn’t believe “there was anyone internal to our
organizations” who is a suspect. “We believe it’s an outside party.”

Since the coronavirus outbreak, federation staff has been working from
home, often on personal computers, creating vulnerabilities that
hackers may have taken advantage of, Preuss said.

Following the theft’s discovery, “nobody is working from home
computers anymore,” he said. “Passwords have been changed.”

On Aug. 4, the email account of a federation employee was discovered
to have been hacked. At that point, the extent of the hack was not
known, Preuss said.

By the next day, he said, it was clear that the break-in allowed the
hackers to steal the money.

The federation is working with insurers to help cover the loss.

“We are hoping, through legal counsel, that we will get most of the
money back through insurance,” Preuss said.

He said the stolen $7.5 million “will not affect our budget and allocations.”

“We don’t expect it to have any impact on that side,” Preuss said.

In their letter, Preuss, Levitt and Salzberg sought to reassure the
board of the measures they had taken to respond to the theft and
prevent another.

“Working with a team of top legal and cybersecurity experts to contain
the impact and fully investigate this theft,” they wrote. “We retained
Baruch Weiss and Bob Winter of Arnold and Porter who are helping us
pro bono to work with law enforcement, as well as our insurers, and to
advise us more generally. Arnold and Porter’s pro bono policy is that
they treat the job as if it is from their top client and they are
getting paid. This work is in excellent hands.”

What the hacking has done is steal a month during a pandemic when the
federation had to use its energies and work hours to respond to the
theft “as opposed to doing our work, which is why we’re here.”

“I’m heartbroken that [the theft] has happened,” he said. “And I’m
angry that it has taken us away from the work we should be doing.”


More information about the BreachExchange mailing list