The SANS Institute, which trains cybersecurity professionals around the world, was hacked, resulting in the compromise of 28,000 records of personally identifiable information, the organization said Tuesday.
The Maryland-based research and educational outfit said the breach was the result of a single phishing email sent to a SANS employee, which led to more than 500 of the organization’s emails being forwarded. The breached data included names, email addresses, and physical addresses — information submitted by attendees of a recent SANS virtual training event.
After discovering the breach on Aug. 6, SANS said it “quickly stopped any further release of information” from the compromised email account, which was forwarding the data to an “unknown external email address.” The institute did not identify who was responsible for the hack.
“We are investigating this incident with the support of some of the world’s top forensic experts to be certain that we understand the complete scope of what was accessed,” SANS said in an email to victims of the breach obtained by CyberScoop.
SANS, which says it reaches 165,000 security professionals around the world, is renowned for its training in cyber incident response and penetration testing. The institute has trained countless people in prominent positions at corporations, and has also run cybersecurity exercises for U.S. military personnel. Becoming a SANS instructor is a badge of honor in the cybersecurity industry, and some U.S. government and corporate employees moonlight as instructors.
“[We] deeply regret this attack has happened,” SANS said in its notification email. “When the investigation is complete, we will run a webcast to outline our learnings if there is information that we think would be useful to the community.”
There was no evidence the stolen data had been abused, “but please do be extra careful if you receive any unsolicited communications, particularly if they claim to be from either SANS Institute or GIAC Certifications,” the email said, referring to a global security accreditation run by SANS.
After news of the breach broke, some cybersecurity hands noted the irony of the training guru getting hacked.