Several people forgot their training and opened the email, downloaded the attachment, opened the attachment, and proceeded to put in their email and passwords. This immediately gave the attacker access to their gmail account and possibly to their computer. This allowed them to further spread it (with or without access to their PC) through Gmail even further. It is completely possible that a follow-on attack will happen to those computers. If it was a NTLS computer, we can reimage it. If it is a personal computer, steps will be outlined below that you can take.
A picture of the email is below. As you can see there is no text, no header, and nothing to make anyone think it was a legitimate email. It did not go to any distro list and all reciepients were BCCed, so no one knows who else received it. All indications of malware.