The Rubrik Information Security Team recently discovered anomalous activity on a server that contained log files. We promptly took the server offline to mitigate the risk. An investigation supported by a third party forensic partner has confirmed that the incident was isolated to this one server and we found no evidence of unauthorized access to any data we secure on behalf of our customers, or our internal code.
Through our investigation we discovered that an unauthorized actor accessed a small number of log files, most of which contained non-sensitive information. One file contained some limited access information. Out of an abundance of caution, we have rotated keys to mitigate any residual risk, even though we found no evidence that access information was misused.
We would like to reiterate that after a detailed analysis with the third party partner, we have found no evidence of unauthorized access to any data we secure on behalf of our customers or our internal code. We take the security of our customers as well as our own systems extremely seriously and while the issue has been fully mitigated, we felt it was important to be transparent about this to all our customers, partners and prospects.
— Arvind Nithrakashyap, Co-Founder & CTO / Michael Mestrovich, CISO