Security Experts:

Connect with us

Hi, what are you looking for?



SANS Institute Says 28,000 User Records Exposed in Email Breach

The SANS Institute has disclosed a security incident which resulted in 28,000 records of personally identifiable information (PII) being forwarded to an unknown email address.

The SANS Institute has disclosed a security incident which resulted in 28,000 records of personally identifiable information (PII) being forwarded to an unknown email address.

The breach was discovered on August 6, during the review of email configuration and rules, according to the U.S.-based organization, which specializes in cybersecurity training, certifications and research.

During the audit, the company identified a forwarding rule on one email account, meant to forward emails to an unknown external address. The rule impacted one individual’s account only, SANS explains.

The messages that were sent externally included files containing information such as first and last name, email address, physical address, country of residence, work phone, work title, company name, and industry.

The incident did not impact passwords or financial information such as credit card data.

“SANS quickly stopped any further release of information from the account,” the company says.

Before the leak was identified, however, a total of 513 emails were forwarded to the external email address, the majority of which did not include important information.

“Most of these emails were harmless, but some of these emails contained files with personally identifiable information (PII). As a result, approximately 28,000 records of PII were forwarded to an unknown external email address,” SANS reveals.

The company also says that a phishing email was found to be the initial attack vector, and that a single employee’s email account was affected, with no other accounts or systems compromised.

“Upon discovery of the malicious activity, our IT and security team removed the forwarding rule and malicious O365 add-in. We have also scanned for any similar occurrences within all other accounts and across our systems. We have found no other indications of compromise,” SANS says.

The company also noted that it identified the individuals that were affected by the information leak and that it is already in the process of informing them about the incident.

SANS says the investigation into the incident continues, in an effort to ensure that no additional information was compromised and to improve the security of its systems.

Related: LiveAuctioneers Data Breach Impacts 3.4 Million Users

Related: Cognizant Says Data Was Stolen in April Ransomware Attack

Related: San Francisco Employees’ Retirement System Discloses Data Breach

Related: Amtrak Discloses Security Incident Involving Guest Reward Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.