Cyber security training body SANS Institute has suffered a security outage that has resulted in a data breach of 28,000 customer records. The cyber security training and certification services discovered the breach on August 6, 2020. It involved a phishing attack on an employee using a malicious Officer 365 attachment.
The IT team spotted a suspicious and malicious Microsoft Office 365 add-in that were able to forward 513 emails from a specific individual’s account to an unknown external email address before being detected. SANS said that no financial information was included and it was able to stop any further release of information from taking place.