A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.

Dark Reading Staff, Dark Reading

August 12, 2020

1 Min Read

Cybersecurity training firm SANS has confirmed a data breach resulting from a phishing attack that allowed an attacker to compromise an employee's email environment and steal data.

The incident was discovered on Aug. 6 as part of a regular review of its email configurations and rules. SANS initiated its incident response process upon discovering a suspicious forwarding rule that was sending emails from one person's email account to an unknown external address.

Officials identified a single phishing email allowed the attack to occur; it does not believe other SANS accounts or systems were compromised. As a result of the attack, 513 emails were forwarded to this address. Most were harmless, but some held files with personally identifiable information (PII). Approximately 28,000 PII records were sent to the external email address.

The data did not include any passwords or financial information, but it did include subsets of the following data: email, work title, first and last name, work phone, company name, industry, address, and country of residence.

Upon discovering the malicious activity, SANS's IT and security team removed the forwarding rule and malicious Office 365 add-in. An investigation is ongoing, and those whose data was exposed will be notified of the incident by email. 

Read the full disclosure here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights