SANS Security Training Firm Hit with Data BreachSANS Security Training Firm Hit with Data Breach
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
August 12, 2020
Cybersecurity training firm SANS has confirmed a data breach resulting from a phishing attack that allowed an attacker to compromise an employee's email environment and steal data.
The incident was discovered on Aug. 6 as part of a regular review of its email configurations and rules. SANS initiated its incident response process upon discovering a suspicious forwarding rule that was sending emails from one person's email account to an unknown external address.
Officials identified a single phishing email allowed the attack to occur; it does not believe other SANS accounts or systems were compromised. As a result of the attack, 513 emails were forwarded to this address. Most were harmless, but some held files with personally identifiable information (PII). Approximately 28,000 PII records were sent to the external email address.
The data did not include any passwords or financial information, but it did include subsets of the following data: email, work title, first and last name, work phone, company name, industry, address, and country of residence.
Upon discovering the malicious activity, SANS's IT and security team removed the forwarding rule and malicious Office 365 add-in. An investigation is ongoing, and those whose data was exposed will be notified of the incident by email.
Read the full disclosure here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023