The Escal Institute of Advanced Technologies, otherwise known as the SANS Institute, suffered a data breach resulting the loss of 28,000 items of Personally Identifiable Information (PII). The data breach was a direct result a single employee who fell victim to a phishing attack.
The Maryland-based SANS Institute has a reputation for their highly regarded information security, cybersecurity training, and certificate sales. According to a press release from the institute entitled Data Incident 2020, they found the breach while conducting a routine review of email configuration and rules. The letter states that, “we identified a suspicious forwarding rule and initiated our incident response process. This rule was found to have forwarded a number of emails from a specific individual’s e-mail account to a suspicious external email address.”
The data found includes email addresses, employee work titles, first and last names, addresses, work phone numbers, and other information involving locations and job roles. SANS Institute assures that passwords and financial information were not part of the breach.
SANS Institute is currently investigating the breach further to ensure no other information is compromised. They state that they are working to “…identify opportunities to harden our systems and improve our response. When the investigation is complete, we will run a webcast to outline our learnings if there is information that we think would be useful to the community.”
As a result of the breach, many people are noting the significance of cybersecurity experts suffering a breach. Indeed, this breach illuminates the truth that breaches can happen to anyone.