The Palo Alto-based unicorn Rubik has had a cybersecurity lapse that has caused a massive leak of its client information. The database consisting of client information was running on a hosted Amazon Elasticsearch server and stored tens of gigabytes of data.
The data was found by a security researcher Oliver Hough. Rubrik took the server offline as soon as it was told of the problem. The server that was compromised was not password protected and allowed access to anyone. The database leaked data that included “customer names, contact information, and casework for each corporate customer”.
A spokesperson from Rubrik said in an interview: “While building a new solution for customer support, a sandbox environment containing a subset of our customer corporate contact information and support interaction data was potentially accessible for a brief period of time.” The spokesperson further clarified that no customer-owned data was exposed and that no one other than the security researcher has managed to access the leaked data. The company believes that a human error caused the issue.
Rubrik has a huge clientele that includes some big names like the U.S Department of Defense, the Scottish government, Deloitte, Shell and many others. Given that the data management company operates in Europe and engages many clients on the continent, it may soon invite the wrath of GDPR due to the leak.