Data protection company Rubrik lost data of business partners

American data protection company Rubrik confirmed that hackers from the Cl0p group gained access to one of the company’s servers. Samples of the stolen data appeared earlier this week on the Cl0p website.

Michael Mestrovic, director of information security at Rubrik, said the hackers gained access to one of the “non-production IT testing environments.” The attackers exploited the zero-day RCE vulnerability Fortra GoAnywhere Managed File Transfer, according to the company.

Post on the group’s website Cl0p

In addition, an internal investigation revealed that the cybercriminals did not perform Lateral Movement, meaning they did not infect other parts of Rubrik’s IT infrastructure.

Mestrovic claims that sensitive customer data, social security numbers and financial accounts or payment details are not affected. However, the disclosed data includes the names of certain customers and partner companies, business contact information, and certain order information from Rubrik distributors.

Previously, the Clop ransomware gang claimed that stole data from over 130 organizations around the world using the GoAnywhere MFT vulnerability. Vulnerability CVE-2023-0669 allows a hacker to remotely execute code on unpatched GoAnywhere MFT instances when their administrative console is exposed to the Internet.