Security researcher discovered data management company Rubrik accidentally leaked massive customer database on unsecured server

Briefing

February 11, 2019

Briefing	Database Leak – Security researcher Oliver Hough found data management firm Rubrik left massive customer database exposed on unsecured server, where anyone can access it if they knew where to look without needing password Customer Data – Database contained tens of gigabytes of customer data, including names, contact information, and case work for each corporate customer dating back to October 2018, plus e-mail records Offline Server – Company pulled server offline when notified by TechCrunch High Profile Customers – Include thousands of major clients, such as Scottish government, U.S. Department of Defense, CarePoint Health, Deloitte, Shell, Amalgamated Bank, U.K. National Health Service, Homeland Security, and other federal government departments Human Error – Exposed server attributed to human error, citing default access setting was not changed in line with standard practice Potential Fine – As customer database included European businesses, company could face penalties up to 4% of global annual revenue if found to be in violation of GDPR data protection rules
Accelerator	Cybersecurity
Sector	Information Technology
Organization	Rubrik Inc.
Source	Whittaker, Z., "Data management giant Rubrik leaked a massive database of client data", TechCrunch, https://techcrunch.com/; Orme, J., "Rubrik reportedly leaks massive customer database", Techerati, https://techerati.com/; AcceleratingBiz analysis
Original Publication Date	January 31, 2019

Related Briefings

Cybersecurity firm F-Secure launched Project Blackfin, new technique using swarm of artificial intelligence bots to autonomously detect and respond to cybersecurity threats

January 3, 2020

University of Maryland computer scientists developed censorship circumvention tool called Geneva that automatically finds ways to evade content blocking

November 18, 2019

Google expanded bug bounty program to popular Android apps, including software vulnerabilities and data abuse violations

October 22, 2019

Google shipping new Pixel 4 smartphone with gesture and face recognition, speech transcription, machine learning processor, security chip and more on October 24, 2019

October 21, 2019

Libra Association launched bug bounty program for security researchers with rewards up to $10,000

September 2, 2019

Go to page

Related Proof Points

Companies Using Advanced Authentication Technologies Globally

April 1, 2019

Global Companies’ Top Motivations for Increasing IT Security Investment

March 20, 2019

Effect of Cybersecurity Concerns on AI-Related Initiaves of U.S. Companies

March 1, 2019

U.S. Companies’ Top AI Use Cases

February 20, 2019

Greatest Disruptions from Blockchain in Next Three Years

February 11, 2019

Go to page

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Leave a comment