Security News > 2020 > August > SANS cybersecurity training firm suffers data breach due to phishing attack

The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses.
On Aug. 6, security training firm SANS Institute discovered a data breach of approximately 28,000 records as the result of one successful phishing attack against a single employee.
There is a certain alarm that a cybersecurity training firm should itself be caught in a security incident, even if due to the actions of a single employee.
"We don't know if SANS had two-factor authentication enforced, or if the attacker was able to bypass those controls if in place. It is surprising that an organization like SANS would suffer such a large breach and that the compromise was not detected until a supposedly unrelated review of email configurations was taken."
In the case of phishing attacks, training should include phishing simulations where employees are taught how to respond to suspicious emails.
News URL
Related news
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Fintech giant Finastra notifies victims of October data breach (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- US drug testing firm says data breach impacted 3.3 million people (source)
- US drug testing firm DISA says data breach impacts 3.3 million people (source)
- Background check, drug testing provider DISA suffers data breach (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)