Rubrik -- an IT security firm serving the U.S. Department of Defense, among other clients -- has been hit with a massive data breach, according to reports.
The information includes customer names, contact information and emails from corporate clients.
The leak was discovered by security researcher Oliver Hough.
The data was housed on an Amazon Elasticsearch server.
The company pulled the server offline on Tuesday.
Since some clients are based in Europe, the firm is subject to GDPR reporting requirements and potential fines.
According to TechCrunch, a Rubrik spokesperson says: “While building a new solution for customer support, a sandbox environment containing a subset of our [customers’] corporate contact information and support interaction data was potentially accessible for a brief period of time. We rectified this issue immediately.”
The spokesperson adds: “We also confirmed that no customer-owned data was exposed,” noting that “other than the security researcher who discovered this issue, no one has accessed this environment.”
Continuing, the spokesperson says: “We have traced the cause to human error, a default access setting was not changed per our standard practice. We have enacted changes to our processes to prevent this from happening again. Privacy and security is our top concern and we sincerely apologize for the mistake.”