Cybersecurity training firm SANS has confirmed a data breach resulting from a phishing attack that allowed an attacker to compromise an employee's email environment and steal data.
The incident was discovered on Aug. 6 during a regular review of SANS's email configurations and rules. SANS initiated its incident response process upon discovering a suspicious forwarding rule that was sending emails from one person's email account to an unknown external address.
Officials identified a single phishing email that allowed the attack to occur; SANS does not believe other accounts or systems were compromised. As a result of the attack, 513 emails were forwarded to the external address. Most were harmless, but some held files with personally identifiable information (PII). Approximately 28,000 PII records were sent to the external email address.
The data did not include any passwords or financial information, but it did include subsets of the following data: email, work title, first and last name, work phone, company name, industry, address, and country of residence.
Upon discovering the malicious activity, SANS's IT and security team removed the forwarding rule and a malicious Office 365 add-in. An investigation is ongoing, and those whose data was exposed will be notified of the incident by email.