Rising Storage Star Rubrik Reportedly Leaked Client Database


Data management company Rubrik appears to have had an issue with managing some of its data as news of a security lapse exposed customer information.

Rubrik, one of the IT industry's fastest-growing storage and data management companies, had to pull one of its servers off-line after it was discovered that the server wasn't password-protected, a mistake that allowed anyone who knew where the server was to potentially access Rubrik customer data, TechCrunch reported Tuesday.

Palo Alto, Calif.-based Rubrik pulled the server off-line on Tuesday after TechCrunch contacted the company about the issue, the tech news site reported.

[Related: Investors Make Huge $261 Million Bet On Rubrik]

Sponsored post

Part of the database in question included information on Rubrik clients that allowed clients to interact with Rubrik personnel, including client email signatures with names, titles, and phone numbers. TechCrunch also said the data included descriptions about the clients, and some sensitive information related to their setups and configuration.

Rubrik Chief Information Officer Avon Puri told CRN via email that the issue was quickly fixed, and that no customer-owned data was exposed.

"While building a new solution for customer support, a sandbox environment containing a subset of our customer corporate contact information and support interaction data was potentially accessible for a brief period of time. We rectified this issue immediately. We also confirmed that no customer-owned data was exposed.

"We have traced the cause to human error, a default access setting was not changed per our standard practice. We have enacted changes to our processes to prevent this from happening again. Privacy and security is our top concern and we sincerely apologize for the mistake," Puri wrote in that statement.

Rubrik has of late been one of the most successful startups in the storage industry. The company earlier this month unveiled a huge new funding round that brought it $261 million from venture capital firms, a move that follows an investment from former Cisco CEO John Chambers that also gave him a seat on Rubrik's board of directors.

Rubrik has been touting the security of its technology. The company in November unveiled the Andes 5.0 release of its flagship Cloud Data Management platform, delivering a single software to protect, automate, and govern applications and data across datacenters and clouds. That release included application-aware data protection, including protection against cyber attacks such as ransomware, the company said.

One Rubrik solution provider, who talked with CRN on condition of anonymity, said the solution provider has two contradictory thoughts about the Rubrik security issue.

"Part of me doesn't think it's that big of a deal," the solution provider said. "Things happen. The exposed data about companies can be gotten in a million places. It's annoying. The data that was exposed didn't include social security numbers or kids' photos."

However, the solution provider said, the leak exposes Rubrik to concerns on the part of customers.

"When I deal with startups, I look at if they run a tight show," the solution provider said. "Can they keep things tied down. I can't understand how Rubrik let this happen. Are they growing too fast?"