SANS Institute disclosed a data breach yesterday, after finding that one of its employees had fallen for a phishing email. The victim's credentials were used to install an OAuth Office 365 add-on and to forward about 518 emails to an unknown account. These emails included the PII of about 28,000 of its members but didn’t contain any sensitive data.

SANS Institute Disclosed Data Breach

SANS Institute is a cybersecurity coaching institute that offers security training and certifications. The platform has a significant following around the world. On Tuesday, the for-profit training platform disclosed a data breach of its network, in which an employee fell victim to a phishing email.

While performing a systematic review of email configurations on August 6th, SANS identified a suspicious forwarding rule configured to forward all emails sent to the victim’s (employee’s) inbox. Since then, about 518 emails containing 28,000 records of SANS members were transferred to the unknown external email account.
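An added example (not from SANS or the original article) of the kind of configuration review that surfaces such a rule: it scans inbox rules for forwarding or redirection to addresses outside the organization and marks rules that have no conditions, which forward everything. The field names follow Exchange Online's Get-InboxRule output; the record shape, `INTERNAL_DOMAINS`, and every mailbox and address in the sample are assumptions constructed for illustration.

```python
import re

INTERNAL_DOMAINS = {"example.org"}  # assumption: the tenant's own mail domains
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
CONDITION_FIELDS = ("From", "SubjectContainsWords", "BodyContainsWords",
                    "SubjectOrBodyContainsWords", "FromAddressContainsWords")
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def is_internal(domain):
    """True if the domain is one of ours or a subdomain of one of ours."""
    d = domain.lower()
    return any(d == own or d.endswith("." + own) for own in INTERNAL_DOMAINS)

def external_targets(rule):
    """Sorted external addresses that the rule forwards or redirects mail to."""
    found = set()
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            for m in ADDR_RE.finditer(entry):
                if not is_internal(m.group(1)):
                    found.add(m.group(0).lower())
    return sorted(found)

def audit(rules):
    """Return one finding per rule that sends mail outside the organization."""
    findings = []
    for rule in rules:
        targets = external_targets(rule)
        if targets:
            findings.append({
                "mailbox": rule.get("MailboxOwnerId"),
                "rule": rule.get("Name"),
                "enabled": bool(rule.get("Enabled")),
                "targets": targets,
                # No conditions set: the rule applies to every incoming message.
                "catch_all": not any(rule.get(f) for f in CONDITION_FIELDS),
            })
    return findings

# Constructed sample rules (not real data).
SAMPLE_RULES = [
    {"MailboxOwnerId": "alice@example.org", "Name": "Newsletters", "Enabled": True,
     "From": ["news@vendor.example"], "MoveToFolder": "Newsletters"},
    {"MailboxOwnerId": "bob@example.org", "Name": "Team copy", "Enabled": True,
     "ForwardTo": ['"Carol" [SMTP:carol@example.org]']},
    {"MailboxOwnerId": "dave@example.org", "Name": ".", "Enabled": True,
     "ForwardTo": ['"x" [SMTP:collector@mail.example.net]']},
    {"MailboxOwnerId": "erin@example.org", "Name": "Invoices", "Enabled": True,
     "SubjectContainsWords": ["invoice"], "RedirectTo": ["books@accounting.example.com"]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

A rule that is enabled, targets an external address, and has `catch_all` set matches the pattern described above and deserves review first.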

The forwarded emails contained personally identifiable information such as first name and last name, email ID, company name, work title, industry, address, and country of residence. SANS quickly stopped any further forwarding and deployed its instructors to investigate the incident.

In its initial investigation, SANS said it found that no other account had been compromised, and assured members that the leaked information didn’t contain any sensitive data like passwords or financial information like credit cards. Further, it said it is tightening security wherever possible and will run a webcast after the investigation to share what it learned.

The company also mentioned that an OAuth add-on was found during its investigation but didn’t explain much about it. Finally, it said it has informed all the affected members and advised them to monitor for any potential attacks.

