Irony, thy name is SANS: 28k records nicked from infosec training org after staffer's email account phished
Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information after a staffer's email account was accessed by malicious people.
In a statement on its website, SANS said: "Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised."
SANS digital forensics instructors are heading up the investigation into what went wrong, with the organisation adding: "We are working to ensure that no other information was compromised and to identify opportunities to harden our systems and improve our response. When the investigation is complete, we will run a webcast to outline our learnings if there is information that we think would be useful to the community."
A SANS staffer confirmed to The Register that the hackers harvested the data they accessed from attachments sent to the affected account and did not harvest information from its address book.
SANS got in touch to tell The Reg: "The compromised PII consisted of information of individuals who had recently registered for our virtual DFIR Summit and was intended for community outreach purposes. So this meant the data consisted of First name, Last name, Email, Work phone, company name, work address and country of residence - information that is largely available in publicly available databases. No customer records, no instructor records or other parties were impacted."
News URL
https://go.theregister.com/feed/www.theregister.com/2020/08/12/sans_institute_data_breach/