Riley Griffin reports:
Hackers stole millions of dollars in grant money from the Department of Health and Human Services last year in a series of attacks, according to two people familiar with the matter.
Between late March and mid-November, the hackers gained access to an HHS system that processes civilian grant payments and withdrew about $7.5 million intended to be awarded to five accounts, said the people, who asked not to be named as the details aren’t public.
[…]
In the most recent attack, HHS determined the hackers got into the grantees’ domain email accounts and also used spearphishing emails — which are targeted at specific individuals or organizations — in order to trick US payment staff into providing access to the grantees’ accounts, the people said.
Read more at Bloomberg.
A recent report by Egress found that four in ten employees responsible for email-related security breaches were fired over the incidents. DataBreaches had suggested firing employees or throwing them under buses was neither a smart nor fair strategy. Did HHS fire any employees over these successful attacks?