We would like to make you aware of an issue regarding customer support data. A sandbox customer support & success development environment containing a subset of our customer corporate contact information and support interaction data was inadvertently left accessible for a brief period of time. We investigated and rectified the issue immediately. We have confirmed that no customer-owned data was exposed.
Impact
This sandbox environment was being used to develop a new solution for customer experience. The sandbox data repository contained customer names, business contact information, support requests, in addition to customer support conversations. Again, we have confirmed that no customer-owned data was exposed.
Root Cause
Our investigation traced the cause to a developer error. The sandbox development data repository defaulted to a lower access security level and we failed to follow our standard security procedure to appropriately set the access control. To prevent this from happening again, we are rolling out stricter processes such as multiple levels of approvals and security reviews throughout the organization.
We apologize for this incident. We are very serious about safeguarding customer information, and this is clearly unacceptable to us. We are continuing to review the situation to improve our processes. We will update this blog if we find any new information.
Timeline of Issues and Mitigation
- Jan 29th, 2019 09:25 AM PST – We were informed about a potential security incident involving our customer support repository
- Jan 29th, 2019 09:33 AM PST – We invoked our security incident response procedure and the Rubrik security SWAT team started the investigation
- Jan 29th, 2019 09:55 AM PST – We changed the access security level to prevent unauthorized access
- Jan 29th, 2019 11:04 AM PST – We established that no customer-owned data was exposed and implemented new security procedures