Security researcher discovered data management company Rubrik accidentally leaked massive customer database on unsecured server

Briefing

February 11, 2019

  • Database Leak – Security researcher Oliver Hough found data management firm Rubrik left massive customer database exposed on unsecured server, where anyone who knew where to look could access it without a password
  • Customer Data – Database contained tens of gigabytes of customer data, including names, contact information, and case work for each corporate customer dating back to October 2018, plus e-mail records
  • Offline Server – Company pulled server offline when notified by TechCrunch
  • High Profile Customers – Customers include thousands of major clients, such as Scottish government, U.S. Department of Defense, CarePoint Health, Deloitte, Shell, Amalgamated Bank, U.K. National Health Service, Homeland Security, and other federal government departments
  • Human Error – Exposed server was attributed to human error: default access setting was not changed in line with standard practice
  • Potential Fine – As customer database included European businesses, company could face penalties of up to 4% of global annual revenue if found to be in violation of GDPR data protection rules

Sector

Information Technology

Organization

Rubrik Inc.

Original Publication Date

January 31, 2019
