Cyber Incident Victim: Rubrik
Date: Feb 2025
Location: United States of America
Summary
Rubrik detected anomalous activity on a server used to store log files and promptly isolated it. A third-party forensic investigation confirmed the incident was limited to that single server and found no evidence of unauthorized access to customer data or internal code. An unauthorized actor accessed a small number of log files, most containing non-sensitive information; one file held what Rubrik described as limited access information. Although no misuse was found, the company rotated keys as a precaution and disclosed the incident to customers, partners, and prospects.
Description
Rubrik's information security team detected anomalous activity on a server dedicated to storing log files and isolated it from the network to contain the potential threat. A forensic investigation, conducted with the support of a third-party partner, confirmed that an unauthorized actor had gained access to that server and concluded that the incident was confined to it. Forensic analysis found no evidence that the actor accessed any customer data secured by Rubrik or the company's internal source code. The actor did access a small number of log files on the breached server. Most contained non-sensitive information; one file contained what Rubrik described as "some limited access information." The company did not publicly detail the nature or contents of that access information.

Despite finding no evidence that the access information had been misused, Rubrik rotated keys out of an abundance of caution to remove any residual risk from the incident. That is the appropriate response: forensic evidence can show which files were read, but it cannot prove that a credential seen in a log was not copied, so any secret present in an accessed log file should be treated as exposed and rotated. Rubrik executives, Co-Founder & CTO Arvind Nithrakashyap and CISO Michael Mestrovich, emphasized the company's commitment to security and transparency and reiterated the investigation's core findings: the breach was isolated to one server, customer data was not compromised, and internal code was not accessed. The company stated that the security issue had been fully mitigated but chose to disclose the incident to customers, partners, and prospects. Rubrik underscored that it takes the security of both its customers' data and its own systems extremely seriously.
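The incident turns on a general failure mode rather than anything specific to Rubrik: application logs quietly accumulate credentials (tokens in debug output, passwords embedded in URLs, cloud access key IDs), so when a log server is breached the responder's first job is to find out which secrets the accessed files contained and rotate exactly those. The following is an added example, written for this page and not code from Rubrik or its investigators; the log lines, the secret patterns and the rotation mapping are all constructed assumptions, and a real triage would use the organisation's own credential formats.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines for illustration only (not from the incident).
# They show three common ways secrets end up in logs: a password inside a
# URL, a cloud access key ID, and a bearer token echoed from a request header.
SAMPLE_LOG = """\
2025-02-03T10:12:01Z INFO  backup job 4412 completed in 38s
2025-02-03T10:12:05Z DEBUG calling https://svc-user:Hunter2@api.internal/v1/status
2025-02-03T10:13:07Z INFO  s3 client init access_key=AKIAIOSFODNN7EXAMPLE region=us-east-1
2025-02-03T10:13:09Z DEBUG Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzdmMifQ.abcdefghijklmnopqrstuvwxyz012345
2025-02-03T10:14:00Z INFO  heartbeat ok
"""

# Assumed secret patterns. The last capturing group (or the whole match when
# there is none) is the secret itself, so it can be masked and redacted.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"Bearer\s+([A-Za-z0-9\-_.=]{20,})"),
    "basic_auth_url": re.compile(r"https?://([^:/\s]+):([^@\s]+)@"),
}

# Assumed mapping from secret kind to the rotation action it requires.
ROTATION_ACTION = {
    "aws_access_key_id": "deactivate the IAM access key and issue a new one",
    "bearer_token": "revoke the token and re-issue it to the calling service",
    "basic_auth_url": "reset the account password and remove it from the URL",
}


@dataclass
class Finding:
    line_no: int
    kind: str
    secret: str


def _secret_of(match):
    """Return the secret captured by a match (last group or whole match)."""
    return match.group(match.lastindex) if match.lastindex else match.group(0)


def scan_log(text):
    """Return a Finding for every credential-like string in the log text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(line_no, kind, _secret_of(match)))
    return findings


def mask(secret):
    """Show only a short prefix so the plan can be circulated safely."""
    return secret[:4] + "..." if len(secret) > 4 else "***"


def rotation_plan(findings):
    """Deduplicate secrets and pair each with its rotation action."""
    plan = {}
    for f in findings:
        plan.setdefault(f.secret, (f.kind, mask(f.secret), ROTATION_ACTION[f.kind]))
    return list(plan.values())


def redact(text):
    """Replace every detected secret so the log can be retained or shared."""
    out = []
    for line in text.splitlines():
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                line = line.replace(_secret_of(match), f"[REDACTED:{kind}]")
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for kind, shown, action in rotation_plan(scan_log(SAMPLE_LOG)):
        print(f"{kind:18} {shown:10} -> {action}")
    print(redact(SAMPLE_LOG))
```

Two points follow from running it. The rotation plan is driven by what the scanner finds, not by whether misuse has been observed, which matches the "rotate despite no evidence of misuse" stance described above. And the `redact` step is the preventive half: a log server that only ever holds redacted lines has far less to lose when it is the one system an intruder reaches.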
