On March 14, 2023, Rubrik, a cloud data management company, disclosed that it had suffered a data breach. The breach was caused by a zero-day vulnerability in Fortra's GoAnywhere secure file transfer platform. Rubrik uses GoAnywhere to share internal data, and the vulnerability allowed attackers to access a non-production IT testing environment.
The attackers stole a limited amount of information from the testing environment, including customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors. No sensitive personal data, such as social security numbers, financial account numbers, or payment card numbers, were exposed.
Rubrik said that it quickly took down the affected environment and contained the threat. The company is also working with third-party forensics experts to investigate the incident.
The Rubrik data breach is a reminder of the importance of data security. Even companies that specialize in data security can be breached. It is important to have strong security measures in place to protect your data, including using strong passwords, enabling multi-factor authentication, and keeping your software up to date.
How the Breach Was Reported
The Rubrik data breach was first reported by the security journalist Brian Krebs. Krebs reported that the attackers had used a zero-day vulnerability in Fortra's GoAnywhere secure file transfer platform to access Rubrik's non-production IT testing environment.
Rubrik confirmed the breach in a blog post on March 14, 2023. The company said that the attackers had accessed a limited amount of information from the testing environment, but no sensitive personal data was exposed.
Rubrik's Stance on the Breach
Rubrik said that it takes data security very seriously. The company said that it is working with third-party forensics experts to investigate the incident and that it will take steps to prevent future breaches.
What You Can Do
If you are a Rubrik customer, you should monitor your accounts for any suspicious activity. You should also change your passwords and enable multi-factor authentication.
In general, you should take steps to protect your data from cyberattacks. This includes using strong passwords, enabling multi-factor authentication, and keeping your software up to date.
You can also learn more about data security by visiting the websites of the following organizations:
The National Institute of Standards and Technology (NIST)
The Cybersecurity and Infrastructure Security Agency (CISA)
The Federal Trade Commission (FTC)
Conclusion
The Rubrik data breach is a reminder of the importance of data security. Even companies that specialize in data security can be breached. It is important to have strong security measures in place to protect your data.
