Rackspace says user data from 27 customers accessed in ransomware attack

Rackspace Inc. announced on Thursday that personal data from 27 Hosted Exchange customers was accessed by a threat actor known as “Play” during a ransomware attack in early December.

The company’s announcement said there was no evidence any of that data, known as Personal Storage Tables (PSTs), was actually viewed, obtained, misused, or disseminated, and that the company has already reached out to all affected customers.

The company also said no Rackspace product or platform was infiltrated other than its Hosted Exchange email platform.

According to an investigation by Rackspace and cybersecurity firm CrowdStrike into the attack, the threat actor used a previously unknown zero-day exploit to get into Rackspace’s Hosted Exchange systems.

Rackspace also said it would not be rebuilding Hosted Exchange, and that the platform was already on a path to be migrated to Microsoft 365, which Rackspace has been offering to affected customers for free since the attack shut down Hosted Exchange.

Half of the thousands of impacted Hosted Exchange customers are now able to download some or all of their data, according to Rackspace, though only 5% have done so.

Rackspace’s stock price has steadily declined since the early-December attack, down roughly 30%. The attack also sparked several class-action lawsuits against the company by customers who said Rackspace put their data at risk, failed to secure its systems, and failed to notify customers in a timely manner about the attack.