In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry.

According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that incident, an employee of the bank clicked on a phishing email (which reportedly was an infected Microsoft Word document) that was targeted to the employee. The opening of the document allowed malware to be introduced into the bank’s system, allowing the intruders access to a network that handles debit card transactions. The hackers were then able to disable security protections and used hundreds of Automatic Teller Machines (ATMs) across North America to steal from customer accounts to the tune of approximately $569,000.

The second incident occurred in January 2017. What appears to be the same hacking group originating in Russia gained access to the bank’s system through another phishing email scheme. During that incident, the hackers were able to access the same debit card system as the first time, and also to compromise a system that manages credits and debits to customers’ accounts. They used the system to credit more than $2 million to various accounts, then changed security protocols and measures and withdrew the fraudulent credits again using hundreds of ATMs. The intruders actually watched the bank’s system monitoring the money being taken out of customer accounts through ATMs.

The lawsuit outlines details of the schemes targeted against the bank’s employees, which is a sobering reminder of how vulnerable the financial services industry is, and how important employees are in the process of identifying and combating security incidents and fraud.