Submitted by Antony Savvas on March 17, 2023
Cloud data management vendor Rubrik has admitted it was hit by a data breach.
The company CISO Michael Mestrovich says one of its own vendors, Fortra, was breached by a zero day remote code execution vulnerability this February.
Fortra is the developer of the GoAnywhere Managed File Transfer system. The vulnerability is said to have hit over 100 organisations globally.
Mestrovich said: “We detected unauthorised access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability.
“Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorised access did not include any data we secure on behalf of our customers via any Rubrik products.”
The affected data did however include Rubrik internal sales information, which includes “certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors”, he said.
“No sensitive personal data, such as social security numbers, financial account numbers, or payment card numbers were exposed,” Mestrovich maintained.