article featured image


Rubrik, the cybersecurity giant, confirmed a data breach. The incident was caused by a large-scale attack using a zero-day vulnerability in the Fortra GoAnywhere platform. GoAnywhere is a secure data transfer business solution for encrypted files.

The announcement comes after the Clop ransomware published a sample of the stolen data. Organizations use Rubrik cloud data management service for data backup, recovery services, and disaster recovery solutions.

Details About the Rubrik Data Breach

Rubrik’s representatives said that the data breach affected only a non-production IT testing environment. Consequently, hackers did not exfiltrate any sensitive customer data.

We detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability. Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did NOT include any data we secure on behalf of our customers via any Rubrik products.


With the help of a third-party firm, the company established that the thread actors did not move laterally. And the affected data consists of internal sales details (customer and partner company names, business contact information, and some of the purchase orders from Rubrik distributors). Social security numbers, financial account numbers, and payment card numbers are safe.

Security specialists took the corrupted environment offline, contained the data breach, and then restored the test environment.

The Forta GoAnywhere Attacks

Forta GoAnywhere attacks affected over 100 organizations worldwide earlier this year. The Clop ransomware gang claims to be behind them, using a zero-day vulnerability to leak data. Forta released a patch for the exploited vulnerability in February 2023.

Security Organization Rubrik Affected by the GoAnywhere Zero-day Attacks


The cybercriminals posted a sample of Rubrik’s data and announced that soon they will publish all the stolen information. The gang is sending extortion messages to pressure the victims while they add them to the site.

One of the listed victims, Hatch Bank, already disclosed a data breach from the attacks, stating that the attackers stole customers’ names and social security numbers.


Community Health Systems (CHS) also announced a data leak caused by the GoAnywhere vulnerability, but they are not listed on Clop’s site yet.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *