Unauthorised Users Could Have Accessed Private Information of 7,700 People Following ETSU Breach (Nov 19, 2018)
East Tennessee State University (ETSU) announced that they had suffered a data breach after two unnamed employees clicked on a link in a phishing email that granted the threat actors access to employee information. Approximately 7,700 employees are likely to have had their private information like full names and Social Security Numbers (SSN) accessed. It is believed that the phishing emails purported to be from a supervisor of the employees who ended up clicking the link. The amount of information accessed is currently unclear, as the threat actors could potentially obtain information reaching all the way back to 2013 from the two compromised email accounts. ETSU discovered the breach on October 17, 2018, but only just announced the breach on November 29, 2018.
Recommendation: It is important that your company institute policies to educate your employees on phishing attacks. Specifically, how to identify such attacks and whom to contact if a phishing email is identified. Furthermore, maintain policies regarding what kind of requests and information your employees can expect to receive from colleagues and management to assist in identifying potential malicious communications. Leaks of this sort cause individuals to be at a large risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.