A Provider of Cyber Security Training Loses 28,000 Items of Personally Identifiable Information (PII) In a Data Breach – E Hacking News
The SANS Institute, a provider of cybersecurity training and certification services, lost roughly 28,000 items of personally identifiable information (PII) in a data breach that occurred after a single staff member fell victim to a phishing attack.
The organization discovered the leak on 6 August 2020, while it was conducting a systematic review of its email configuration and rules.
During this process, its IT group identified a suspicious forwarding rule and a malicious Microsoft Office 365 add-in that together were able to forward 513 emails from one individual’s account to an unknown external email address before being detected.
While the majority of these messages were innocuous, a number included files containing email addresses, first and last names, work titles, company names and details, addresses, and countries of residence.
SANS is currently conducting a digital forensics investigation headed up by its own cybersecurity instructors and is working both to ensure that no other data was compromised and to identify areas in which it can harden its systems.
When the investigation is complete, the organization intends to share all its findings and lessons learned with the wider cybersecurity community.
Chloé Messdaghi, vice-president of strategy at Point3 Security, says that “Phishers definitely understand the human element, and they work to understand people’s pain points and passions to make their emails more compelling. They also know when to send a phishing email to drive immediate responses.”
She concluded by adding that “The final takeaway is that we all need to stay aware and humble – if a phishing attack can snag someone at the Sans Institute, it can happen to any of us who let our guard down.”