No one is immune.  Even those focused on preventing compromise are susceptible to attack.  This should be treated as yet another wakeup call that we need to press forward with better controls, awareness training, and data segmentation.

https://www.infosecurity-magazine.com/news/fsisac-falls-for-a-phish/