SANS Security Training Firm Hit by Data Breach, 28000 User Records Exposed

A phishing email allowed an attacker to compromise a SANS employee’s email environment, the organization reports. Cybersecurity training firm SANS has confirmed a data breach. SANS has shared the indicators of compromise for a recent phishing attack that compromised one of their email accounts and led to a data breach. On August 11th, SANS disclosed that they had suffered a data breach after one of their employees fell for a phishing attack that caused 513 emails to be forwarded to attackers.

Some of the forwarded emails contained a total of approximately 28,000 records of personal information (PII) for SANS members. The data did not include any passwords or financial information, but it did include subsets of the following data: email, work title, first and last name, work phone, company name, industry, address, and country of residence.

When disclosing the attack, SANS stated that they would release information that they discover about the attack to benefit the cybersecurity community.

According to SANS, the initial attack started with a phishing email pretending to be a file shared by a SANS SharePoint service. The file pretending to be shared was called “Copy of July Bonus 24JUL2020.xls,” and the email prompted the user to click on the ‘Open’ button to access the file.

SANS was not the only target for this phishing scam, and at least two other companies had uploaded similar emails to VirusTotal.

Reference:

https://www.sans.org/dataincident2020

https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/