UPDATED 23:07 EDT / AUGUST 12 2020

Cybersecurity training and certification firm SANS Institute suffers data breach

Proving that no one is safe from cyberattacks, cybersecurity training and certification services provider SANS Institute has suffered a data breach with the records of some 28,000 customers stolen.

The breach stemmed from a phishing attack on an employee that used a malicious Office 365 attachment. The attachment set up a forwarding rule on the employee’s inbox that sent 513 emails to the attacker before it was detected and shut down.

Information compromised included emails, work titles, first and last names, work phones, company names, industry, addresses and country of residence. No passwords or financial information were compromised.

In a statement, SANS said that it detected the breach Aug. 6 and “quickly stopped any further release of information” from the compromised email account, which was forwarding the data to “a suspicious external email address.” The company added that it believes that the attack was not targeted and “appears to have been opportunistic with financial theft the intent.” SANS noted that they are investigating the attack and are working to identify opportunities to harden their systems and improve their responses.
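The forwarding rule described above is the kind of change a mailbox audit log can surface. The following is an added example, not code from SANS or from this article: it scans audit records for rule or mailbox changes that forward mail outside the organization. The record layout is a simplified, constructed stand-in for an Exchange Online audit export, and the domain `example.org` and all sample addresses are placeholders; parameter values are assumed to be plain SMTP addresses.

```python
import json

# Assumption: the organization's own mail domains (placeholder value).
INTERNAL_DOMAINS = {"example.org"}
# Exchange Online cmdlets and parameters that can forward or redirect mail.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress"}

# Constructed sample records (one JSON object per line), simplified layout.
SAMPLE_LOG = """\
{"CreationTime": "2020-01-01T09:00:00", "UserId": "alice@example.org", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "collector@mail-relay.example.net"}]}
{"CreationTime": "2020-01-01T09:05:00", "UserId": "bob@example.org", "Operation": "Set-InboxRule", "Parameters": [{"Name": "MoveToFolder", "Value": "Archive"}]}
{"CreationTime": "2020-01-01T09:10:00", "UserId": "carol@example.org", "Operation": "New-InboxRule", "Parameters": [{"Name": "ForwardTo", "Value": "team@example.org"}]}
{"CreationTime": "2020-01-01T09:15:00", "UserId": "dave@example.org", "Operation": "Set-Mailbox", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:backup@example.com"}]}
{"CreationTime": "2020-01-01T09:20:00", "UserId": "erin@example.org", "Operation": "MailItemsAccessed"}
"""

def external_targets(value):
    """Return the addresses in a parameter value whose domain is not internal."""
    targets = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            targets.append(addr)
    return targets

def find_external_forwarding(lines):
    """Return (user, operation, parameter, address) for each external forward."""
    findings = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting the scan
        if not isinstance(record, dict) or record.get("Operation") not in RULE_OPERATIONS:
            continue
        for param in record.get("Parameters", []):
            if param.get("Name") in FORWARD_PARAMS:
                for addr in external_targets(str(param.get("Value", ""))):
                    findings.append((record.get("UserId"), record["Operation"],
                                     param["Name"], addr))
    return findings

if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_LOG.splitlines()):
        print("ALERT external forwarding:", *finding)
```

Rules that only move or file mail, and forwards to internal addresses, are ignored; only changes that send mail to an outside domain are reported.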

“When a respected security organization, such as SANS Institute, experiences an incident like this, it emphasizes that for many organizations attempting to prevent each and every attack is a fool’s errand and an expensive one at that,” Tim Wade, technical director of the CTO Team at threat detection and response firm Vectra AI Inc., told SiliconANGLE. “The real hallmark of modern security is about resilience to attacks – the capacity to perform timely detection and response before material damage is done even after preventative controls have failed.”

Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, noted that although he didn’t believe that SANS should be held accountable to the same standard of security and data protection as imposed on financial institutions and other highly regulated industries, the amount of information gained is concerning.

“The breach of one single email, however, should not lead to such a significant exposure of personally identifiable information data, even if it’s a drop in the ocean of disclosed data breaches from the last 18 months,” Kolochenko said. “Attackers will now gradually focus their attention on cybersecurity companies and organizations to get their clients’ privileged information or credentials.”

Kolochenko was conciliatory, however, adding that “the rapid and transparent reaction of SANS to this incident is laudable and professional. Moreover, this fairly insignificant incident will now likely boost internal security at SANS and provide additional confidence to its clients and partners.”
