Rubrik discloses server breach, compromise of ‘access information’

Data security and backup vendor Rubrik has disclosed a security breach involving an unauthorized intrusion into one of its servers. The company confirmed that while certain access information was compromised, there is no evidence that the stolen data has been misused by cyber threat actors.

According to a blog post published on February 22, Rubrik’s security team detected anomalous activity on a server containing log files. Following an investigation conducted with the assistance of a third-party cybersecurity firm, the company determined that an unauthorized actor had gained access to the server. However, Rubrik’s co-founder and CTO, Arvind Nithrakashyap, along with Chief Information Security Officer Michael Mestrovich, assured that the intrusion was limited to a single server and that no customer data or internal code was accessed.

The exact nature of the compromised access information remains unspecified. Nithrakashyap and Mestrovich stated that the threat actor accessed a small number of log files, most of which contained non-sensitive data. Only one file contained limited access information, which prompted the company to rotate security keys as a precautionary measure, despite finding no evidence of misuse.

While Rubrik has mitigated the incident and emphasized that customer data remains unaffected, the broader cybersecurity landscape has shown that compromised access credentials can pose significant risks. For example, in late 2023, identity management company Okta suffered a breach in which attackers used stolen access tokens and service account credentials to target several customers, including Cloudflare.

Rubrik has not disclosed how the unauthorized actor infiltrated the compromised server or what specific types of access information were exposed. Cybersecurity Dive reached out to the company for additional comment, but no further details have been provided.

Nithrakashyap and Mestrovich reaffirmed Rubrik’s commitment to transparency and security, stating that while the issue has been fully mitigated, the company wanted to proactively inform customers, partners, and stakeholders.

Founded in 2014, Rubrik initially focused on backup and recovery solutions before expanding into data protection and cybersecurity. The company went public in April 2024, raising approximately $725 million in its initial public offering. In the fiscal third quarter ending October 31, 2024, Rubrik reported $236.2 million in revenue.

This is not the first time Rubrik has faced a security incident. In 2023, the company suffered a data breach after threat actors exploited a zero-day vulnerability—CVE-2023-0669—in Fortra’s GoAnywhere MFT software. The attackers accessed a non-production IT testing environment, though Rubrik maintained that customer data was not compromised. The Cl0p ransomware gang later claimed responsibility for that attack.