The breach was discovered on August 6, during the review of email configuration and rules, according to the U.S.-based organization, which specializes in cybersecurity training, certifications and research.
During the audit, the company identified a forwarding rule on one email account, meant to forward emails to an unknown external address. The rule impacted one individual’s account only, SANS explains.