Save the Children was hit last year with a business email compromise scam that cost the charity $1 million.

The cyberattacker gained access to an employee’s email account and then posing as an employee created fake invoices and supporting material to convince the organization to send almost $1 million to a fake charity in Japan, The Boston Globe reported. The scam convinced Save the Children the money would be used to buy solar panels for health centers located in Pakistan.

The incident took place in May 2017.

By the time the scheme was noticed it was too late to stop the transfer, however, about 90 percent of the lost funds were recouped through the foundation’s insurance policy.

“We have improved our security measures to help ensure this does not happen again,” said Stacy Brandom, chief financial officer of Save the Children Federation. “Fortunately, through insurance, we were ultimately reimbursed for most of the funds,” told the Boston Globe.