SecurityWeek

SANS Institute Says 28,000 User Records Exposed in Email Breach

The SANS Institute has disclosed a security incident which resulted in 28,000 records of personally identifiable information (PII) being forwarded to an unknown email address.

The breach was discovered on August 6, during the review of email configuration and rules, according to the U.S.-based organization, which specializes in cybersecurity training, certifications and research.

During the audit, the company identified a forwarding rule on one email account, meant to forward emails to an unknown external address. The rule impacted one individual’s account only, SANS explains.

The messages that were sent externally included files containing information such as first and last name, email address, physical address, country of residence, work phone, work title, company name, and industry.

The incident did not impact passwords or financial information such as credit card data.

“SANS quickly stopped any further release of information from the account,” the company says.

Before the leak was identified, however, a total of 513 emails were forwarded to the external email address, the majority of which did not include important information.

“Most of these emails were harmless, but some of these emails contained files with personally identifiable information (PII). As a result, approximately 28,000 records of PII were forwarded to an unknown external email address,” SANS reveals.

The company also says that a phishing email was found to be the initial attack vector, and that a single employee’s email account was affected, with no other accounts or systems compromised.

“Upon discovery of the malicious activity, our IT and security team removed the forwarding rule and malicious O365 add-in. We have also scanned for any similar occurrences within all other accounts and across our systems. We have found no other indications of compromise,” SANS says.

The company also noted that it identified the individuals that were affected by the information leak and that it is already in the process of informing them about the incident.

SANS says the investigation into the incident continues, in an effort to ensure that no additional information was compromised and to improve the security of its systems.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
