Data security firm Rubrik has confirmed being compromised through a zero-day in the Fortra GoAnywhere file-transfer software it uses for internal data sharing, TechCrunch reports.
Exploitation of the vulnerability, tracked as CVE-2023-0669, enabled threat actors to obtain access to Rubrik's nonproduction IT testing environments, resulting in the theft of the company's internal sales information, including "certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors," said Rubrik Chief Information Security Officer Michael Mestrovich.
However, the intrusion did not impact any Social Security numbers, payment card numbers, or financial account numbers, as well as any of the firm's enterprise data management and backup tools.
"Unauthorized access did not include any data we secure on behalf of our customers via any Rubrik products," noted Rubrik spokesperson Najah Simmons.
Rubrik's admission comes after the Clop ransomware group claimed responsibility for compromising over 130 organizations using the Fortra GoAnywhere flaw.
Breach, Data Security, Vulnerability Management
Rubrik data theft attributed to Fortra zero-day exploitation
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds