Cybersecurity firm Rubrik has disclosed a data breach, after a ransomware group exploited a recently disclosed zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. The company was the victim of a large-scale campaign targeting GoAnywhere MFT devices worldwide. Rubrik immediately launched an investigation into the incident with the help of third-party forensics experts.
According to the company's statement, the breach was quickly contained and only impacted a non-production IT testing environment. “The current investigation has determined there was no lateral movement to other environments. Rubrik took the involved non-production environment offline and leveraged our own security systems and solutions to quickly contain the threat and help restore our test environment,” said the company. The stolen data mainly consists of Rubrik internal sales information, which includes certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors. The third-party firm has also confirmed that no sensitive personal data such as social security numbers, financial account numbers, or payment card numbers were exposed.
The Clop ransomware group added Rubrik to the list of victims on the Tor leak site and published samples of stolen documents as proof of the hack. “Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did NOT include any data we secure on behalf of our customers via any Rubrik products,” said the company. The zero-day vulnerability (CVE-2023-0669) in Fortra’s GoAnywhere MFT secure file transfer tool was also exploited by the Clop ransomware group to breach other organizations, including the Hatch Bank and the Community Health Systems.