A popular theater in Washington, D.C. had more than $250,000 in stolen funds returned after hackers managed to siphon the money out of their bank account.
The GALA Hispanic Theatre — a national center for Latino performing arts — was hacked on January 11 and its entire bank account was emptied in a flash.
Executive Director Rebecca Medrano told Recorded Future News that the situation began when the certified accountant for the theater, who has worked with their team for years, went into her secure system to do a standard wire transfer of $965 to a set designer for an upcoming show.
“As soon as she pressed send, a screen came up saying you've been locked out and there's somebody in your system. So we think somebody shadowed her because it's really hard to break these firewalls and to get into the banking system,” Medrano said.
“They just basically took all the money out of the account. Everything but maybe $3,000. She immediately shut down everything, called the fraud department and tried to stop the wire transfer. It is strange because usually it requires approval from the bank or notification from one of us.”
According to Medrano, CitiBank never notified them and let the transaction go through. The transfer went to a Bank of America account supposedly belonging to a company called Infinity Source LLC, which Medrano said appeared to be fake.
She reached out to both CitiBank and Bank of America to see if the transaction could be frozen or canceled but has not heard back from either. Neither bank responded to requests for comment from Recorded Future News.
Medrano filed reports with the FBI and Secret Service while also working with their cyber risk insurance company to see if anything could be done. CitiBank eventually told her that it could take up to eight months for the situation to be resolved — something Medrano said would be “disastrous” for the theater, which needs funds to cover ad hoc payments to costume designers, set managers, actors and more.
They began a donation campaign to help cover the costs of their next show — The Palacios Sisters, opening in February — and managed to raise more than $70,000.
On Thursday, Medrano got a notice that the $255,000 stolen from their account has been recovered.
According to the theater, CitiBank told them that they “appreciate how difficult it can be for an organization to be defrauded.”
“While the circumstances of each case are different, upon careful review we’re pleased to honor this claim and credit our client with its lost funds,” the bank said.
The funds were deposited into the theater’s account and will be used to pay back the loans that they had to take out to cover payments.
While it is unclear how the hackers managed to steal the funds, it was likely related to Business Email Compromise (BEC) — a type of attack that annually tops the FBI’s list of incidents causing the greatest losses for businesses globally.
From 2016 to 2022, businesses lost an estimated $43 billion from BEC attacks — where hackers compromise legitimate business or personal email accounts through social engineering or computer intrusion before conducting unauthorized transfers of funds.
Both the FBI and cybersecurity researchers said they saw steep spikes in BEC attacks throughout 2023.
Medrano noted that this is a particularly difficult time for her and the theater. Her husband, Hugo Medrano, passed away last May after leading the theater since he founded it in 1976.
“We’re creeping up on our 50th anniversary and it's been a rough time,” Medrano said.
“We're just trying to get through this difficult time but there's been a lot of love from the community. We can't stop doing what we're doing because we never stopped, even during the pandemic, so we're not stopping now.”
Jonathan Greig
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.