SANS InfoSec institute loses 28,000 records in phishing attack

SANS InfoSec institute loses 28,000 records in phishing attack

SANS is known for providing expensive training on InfoSec and cyber security to individuals and institutions.

 

Sans Infosec has suffered a phishing attack where one staff member fell prey to the scam leading to the disclosure of personally identifiable information. 


Cyber security training services provider SANS Institute became the victim of a data breach losing around 28,000 records of personally identifiable information (PII). Sans institute is regarded as the holy grail of the cyber security industry, which is why this incident raised eyebrows. It indicates that even the world’s best security training firm isn’t invulnerable to data breaches.


In its official notice, SANS explained that the data breach was discovered on 6 August 2020 while the company’s IT team was carrying out a ‘systematic review of its email configuration and rules.’ The team noticed a suspicious forwarding rule along with a malicious Microsoft Office 365 add-in.


These two sources, collectively, forwarded 513 emails from an individual’s email account to an unknown external email ID. The activity was detected only after the email forwarding spree was completed.


See: ‘Zoom account suspended’ phishing scam aims at Office 365 credentials


According to Sans Institute, the forwarded emails contained files, which included details like the email’s subset, first name, last name, company name, work title, address, industry, and country of residence.


 


However, the company maintains that most of the forwarded emails were harmless, and the PII was part of a considerably lower number of emails.


Moreover, the company confirmed ..

Support the originator by clicking the read the rest link below.