Rubrik Responds to Fortra’s ‘GoAnywhere’ Zero Day Vulnerability

By Michael Mestrovich, VP and CISO, Rubrik, Inc.

In February of this year, one of our vendors, Fortra, LLC, the developer of the GoAnywhere Managed File Transfer, advised of a zero-day remote code execution vulnerability. It has been reported that this vulnerability is being actively exploited across more than 100 organizations globally.

We detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability. Importantly, based on our current investigation, being conducted with the assistance of 3rd-party forensics experts, the unauthorized access did not include any data we secure on behalf of our customers via any Rubrik products.

The current investigation has determined there was no lateral movement to other environments. Rubrik took the involved non-production environment offline and leveraged our own security systems and solutions to contain the threat and help restore our test environment.

It has been conducting a review of the involved data in partnership with a 3rd-party firm. The involved data mainly consists of Rubrik internal sales information, which includes certain customer and partner company names, business contact information, and a limited number of purchase orders from Rubrik distributors. The 3rd-party firm has also confirmed that no sensitive personal data such as social security numbers, financial account numbers, or payment card numbers were exposed.

As a cybersecurity company, the security of customer data we maintain is priority. If we learn additional, relevant information we will update this post. We sincerely regret any concern this may cause you, and as always, we appreciate your continued partnership and look forward to our ongoing work together.