Dive Brief:
- In a blog post on Feb. 22, Rubrik said its security team recently discovered "anomalous activity" on a server containing log files. A forensic investigation by a third-party partner revealed the server had been compromised by an unauthorized actor.
- Rubrik co-founder & CTO Arvind Nithrakashyap and CISO Michael Mestrovich said in the post that the intrusion was limited to the single server and there was no evidence that the threat actor had accessed customer data or Rubrik's internal code.
- Nithrakashyap and Mestrovich said the threat actor obtained some "access information," though the company did not specify what types of data were compromised in the incident.
Dive Insight:
"Through our investigation we discovered that an unauthorized actor accessed a small number of log files, most of which contained non-sensitive information. One file contained some limited access information," Nithrakashyap and Mestrovich wrote. "Out of an abundance of caution, we have rotated keys to mitigate any residual risk, even though we found no evidence that access information was misused."
While the unspecified access information was compromised in the breach, customer data appears unaffected. The Rubrik executives emphasized that a detailed analysis of the incident found no evidence that the threat actor obtained access to "any data we secure on behalf of our customers or our internal code."
However, in other cases, compromised access information has led to significant risks for vendors’ customers. For example, a threat actor breached Okta's support case management system in the fall of 2023 and used stolen access tokens and service account credentials to attack several customers, including Cloudflare.
It's unclear how the threat actor breached Rubrik's server or what types of access information were compromised. Cybersecurity Dive contacted Rubrik for additional comment.
"We take the security of our customers as well as our own systems extremely seriously and while the issue has been fully mitigated, we felt it was important to be transparent about this to all our customers, partners and prospects," Nithrakashyap and Mestrovich wrote.
Rubrik was founded in 2014 as a backup and recovery vendor, later shifting to data protection and cybersecurity. The company had an initial public offering in April 2024, raising approximately $725 million. In its fiscal third quarter, which ended on Oct. 31, 2024, Rubrik reported $236.2 million in revenue.
In 2023, Rubrik suffered a data breach after threat actors exploited a zero-day vulnerability, CVE-2023-0669, in Fortra's GoAnywhere MFT software. The attackers gained access to "a non-production, IT testing environment," though Rubrik did not say how exploitation of the GoAnywhere flaw led to the compromise. The Cl0p ransomware gang claimed responsibility for the cyberattack, but the company said customer data was not affected.