Why Sending Board Papers Via Free Public Email Could Be a Data Security Disaster
In August 2025, Google revealed that the ShinyHunters hacker group had accessed its Salesforce database after deceiving a staffer via a phone-based impersonation scheme, exposing contact information for approximately 2.5 billion Gmail accounts. Though passwords weren’t stolen, the breach has sparked an onslaught of phishing attempts, voice scams, and malicious messaging targeting affected users. This incident shines a grim light on the perils of sending sensitive board materials via free, public email services—which, despite their convenience, can lack the critical security features your board-level communications demand.
The Breach & Its Consequences
The recent Google breach serves as a stark reminder of how vulnerable even trusted systems can be:
• Hackers impersonated IT support staff to exploit Google’s Salesforce database.
• Data exposed included names, emails, and contact details—sufficient for targeted phishing.
• Affected users have reported surges in phishing calls, texts, and emails.
Why This Matters for Boards
Board members are prime targets for cybercriminals due to their access to sensitive strategic information. Even basic details like names and emails can enable sophisticated phishing attacks. Relying on free public email services increases the risk of:
• Highly believable impersonation attacks.
• Compromised board materials and confidential decisions.
• Exposure to data exfiltration and regulatory breaches.
• Huge reputational damage
Risks of Using Free Email Services
| Risk Factor | Problematic Implications |
| Credential Reuse | Compromise of board email can lead to wider access if passwords are reused elsewhere. |
| Lack of Central Oversight | IT can’t monitor or enforce security policies. |
| Absence of Endpoint Controls | No enforcement of device-level protections, sandboxing, or threat detection. |
| Regulatory Compliance Gaps | Potential violation of confidentiality, privacy, and governance protocols. |
Recommendations for Secure Communication
To reduce the risks associated with board-level communications:
• Move to encrypted, enterprise-grade platforms designed for sensitive documents.
• Enforce multi-factor authentication and strong password policies.
• Maintain secure audit trails of all board document access.
• Provide phishing awareness and security training tailored for directors.
Conclusion
The Google breach isn’t a hypothetical scenario—it’s a wake-up call. A misdirected email or compromised inbox could expose your board and organisation to devastating consequences. Don’t wait until it’s too late to act.
Athena Board can help, give us a call today or contact sales@athenaboard.com