The attacker sent multiple emails to multiple addresses on my companys domain. They used spoofed addresses to make it look like accounts were compromised and blackmailed people saying they will release my colleagues browser history if they arent paid.