• by Ray Schultz , January 30, 2019

Rubrik -- an IT security firm serving the U.S. Department of Defense, among other clients -- has been hit with a massive data breach, according to reports.

The information includes customer names, contact information and emails from corporate clients. 

The leak was discovered by security researcher Oliver Hough.

The data was housed on an Amazon Elasticsearch server. The company pulled the server offline on Tuesday.

Since some clients are based in Europe, the firm is subject to GDPR reporting requirements and potential fines. 

According to TechCrunch, a Rubrik spokesperson says: ”While building a new solution for customer support, a sandbox environment containing a subset of our [customers’] corporate contact information and support interaction data was potentially accessible for a brief period of time. We rectified this issue immediately.” 

The spokesperson adds: “We also confirmed that no customer-owned data was exposed,” the spokesperson noted, adding that “other than the security researcher who discovered this issue, no one has accessed this environment.”

Continuing, the spokesperson says: “We have traced the cause to human error, a default access setting was not changed per our standard practice. We have enacted changes to our processes to prevent this from happening again. Privacy and security is our top concern and we sincerely apologize for the mistake.”