Cyber Incident Victim: Jewish Federation of Greater Washington

On or around August 4, 2020, the Jewish Federation of Greater Washington publicly disclosed a cybersecurity incident that resulted in the theft of $7.5 million from its endowment fund. The organization's CEO, Gil Preuss, announced the breach during a virtual meeting with employees on the morning of August 4. According to the disclosure, attackers initially compromised an employee who was working remotely using a personal computer. This initial breach enabled unauthorized access that ultimately facilitated the transfer of funds from the endowment account to international bank accounts controlled by the perpetrators. The financial impact was significant, with the full $7.5 million being drained from the organization's funds in what appeared to be a single fraudulent transaction.

The incident represented both a substantial financial loss and operational security failure for the nonprofit organization. While the exact attack vector wasn't formally specified in initial reports, the compromise originated through an employee's personal device during remote work arrangements – a circumstance noted as particularly concerning given increased remote work vulnerabilities during the COVID-19 pandemic. The stolen funds were routed to overseas accounts, complicating potential recovery efforts. No additional details were provided regarding detection methods, containment procedures, or whether law enforcement investigations resulted in fund recovery. The public disclosure focused primarily on the financial consequences and initial breach vector without elaborating on secondary impacts to operations, donor data, or other systems within the organization's infrastructure.