Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog
Anyone with URL could see lists of case study projects
Rubrik's internal security controls must have taken an early summer holiday because a Trello page that listed customer case studies and their status has been open for the great unwashed to access.
The data protection and management biz has used the popular collaboration tool to detail projects. It is not clear how long the page was viewable, but when El Reg notified Rubrik of the URL, it disappeared from view promptly.
The Trello deck listed 28 potential case studies for Rubrik's data protection products progressing through a pipeline of status categories:
- Future case study – 7 customers
- Setting up customer interview – 5 customers
- Interviewing customer – 3 customers
- Writing case study – 2 customers
- Delayed/On-hold – 2 customers
- Under approval – 6 customers
- With PR – 3 customers
- Dead case study – 1 customer
El Reg has decided not to name the clients, as they aren't the ones who caused the embarrassing gaffe. The list includes a well-known car manufacturer, a cinema chain, a hospital, a museum, a bank and a university.
One "delayed/on-hold" case study on a customer in Germany was listed as facing "massive problems" as the "appliance doesn't seem to do its job properly". Ouch. The client apparently wants an "exchange". Presumably of words, not fists.
Another held up in the queuing system was for a client in Italy that is apparently waiting on an interview to be conducted in Italian.
The dead case study seemingly involved a customer CTO leaving and delayed approval from the communications director. "Lets scrap this case study," Rubrik stated on the Trello page.
John Koo, veep of corporate marketing at Rubrik, sent us a statement: "I can confirm that some information on one of our internal collaboration tools was inadvertently made public due to a settings issue. We've immediately rectified this issue and taken steps to make sure it doesn't happen again. We take privacy very seriously and apologise for the mistake." ®