Cyber Incident Victim: Sangamo Therapeutics
Date: Mar 2018
Location: United States of America
Summary
Sangamo Therapeutics experienced a data security incident involving unauthorized access to a senior executive's email account over an 11-week period. External cybersecurity experts and law enforcement were engaged, with the investigation confirming no compromise of broader IT systems or exposure of patient or individual personal data. However, proprietary corporate information and sensitive data belonging to the company and other entities were accessed and potentially exfiltrated. The organization continues to assess the full scope of the breach and strengthen its systems, acknowledging that further analysis might reveal additional compromised systems or information.
Description
On March 28, 2018, Sangamo Therapeutics discovered unauthorized access to a senior executive’s corporate email account. The company immediately engaged external cybersecurity experts to investigate the breach and notified federal law enforcement authorities. Forensic analysis determined the account compromise had persisted for approximately 11 weeks prior to detection, though investigators found no evidence of broader network infiltration or compromise of other IT systems. While patient data and personal information of individuals remained unaffected, the attackers accessed proprietary corporate information, confidential business materials, and sensitive data belonging to both Sangamo and external entities. The company emphasized that the incident exclusively involved the targeted executive's email account without lateral movement across systems.

Sangamo publicly disclosed the breach through an SEC 8-K filing on April 17, 2018, confirming completion of the initial investigation phase. Remediation efforts included system-wide security enhancements while continuing to assess potential operational or financial impacts from the stolen corporate data. The investigation remained active to determine whether additional systems or information categories were affected beyond initial findings. No evidence suggested patient records or clinical trial data were accessed during the intrusion period. The company maintained coordination with law enforcement throughout the response process while refining internal security protocols to prevent similar incidents.
