SANS Institute reported a leak of information with personal data of its users due to a fraudulent forwarding of emails from the mailbox of one of its employees. According to SANS, the failure was discovered on August 6 through a review process in automatic email rules.
The organization initiated management and forensic analysis of the incident through its own instructors, reporting that up to 513 emails had been forwarded to an external address, including up to 28,000 records with personal data of its users, which did not include passwords or financial data.
The investigation revealed that the user of the affected mailbox was a victim of phishing, through which an attacker obtained permissions on the mailbox using a malicious Outlook 365 plug-in, in what is known as "consent phishing". SANS Institute has already contacted the affected users.