SANS Institute fell victim to an organized phishing attack launched against the company on August 6th, 2020. The phishing attack against an employee led to the breach of 28,000 records containing the names, physical addresses, phone numbers, and email addresses of individuals registered with the cybersecurity training firm.
The SANS management team disclosed the incident in a website post, which stated that almost 513 confidential emails had been forwarded to an unknown and unauthorized email address. Although the emails were harmless, a number of them contained personally identifiable information, resulting in the compromise of around 28,000 data records.
In the website post, SANS also listed the types of PII exposed in the phishing attack: email address, country of residence, company name, company address, company industry, work phone, first name, last name, and work title of the employees of SANS. SANS also said that the management team has identified the persons whose data was breached and will reach out to everyone as soon as possible for damage control.
The phishing attack was detected during a procedural review of SANS's email rules and configuration. During the review, the team discovered a suspicious email forwarding rule that was directing confidential emails from individuals' internal accounts to an unknown external email account. The company stated that no other system or account was affected by the phishing attack. Nonetheless, it is still alarming for a cybersecurity firm itself to become a victim of cybercrime such as phishing.
Chris Clements, VP of solutions architecture for Cerberus Sentinel, said that the data breach indicates that no organization is immune to cyber-attacks and crimes. Upon detecting the phishing attack, the security team at SANS deleted the suspicious email forwarding rule and removed the malicious O365 add-in as well. SANS also scanned the other employee accounts and confirmed that everything else is safe and secure.
SANS forensic instructors are probing deeper into the phishing attack to ensure the security of the other data records and to strengthen SANS's security layer even more.