Security News > 2020 > August > SANS cybersecurity training firm suffers data breach due to phishing attack
The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses.
On Aug. 6, security training firm SANS Institute discovered a data breach of approximately 28,000 records as the result of one successful phishing attack against a single employee.
There is a certain alarm that a cybersecurity training firm should itself be caught in a security incident, even if due to the actions of a single employee.
"We don't know if SANS had two-factor authentication enforced, or if the attacker was able to bypass those controls if in place. It is surprising that an organization like SANS would suffer such a large breach and that the compromise was not detected until a supposedly unrelated review of email configurations was taken."
In the case of phishing attacks, training should include phishing simulations where employees are taught how to respond to suspicious emails.
News URL
Related news
- EU law enforcement training agency data breach: Data of 97,000 individuals compromised (source)
- UN aviation agency investigating possible data breach (source)
- Washington state sues T-Mobile over 2021 data breach security failures (source)
- Largest US addiction treatment provider notifies patients of data breach (source)
- STIIIZY data breach exposes cannabis buyers’ IDs and purchases (source)
- Wolf Haldenstein law firm says 3.5 million impacted by data breach (source)
- Otelier data breach exposes info, hotel reservations of millions (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- PayPal to pay $2 million settlement over 2022 data breach (source)
- UnitedHealth now says 190 million impacted by 2024 data breach (source)