Rackspace: Customer email data accessed in ransomware attack
"Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table of 27 Hosted Exchange customers," Rackspace said in an incident report update shared with BleepingComputer in advance.
"Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor."
Even if the data is never leaked, whether because a ransom is paid or for some other reason, it is very likely that customer data was at least viewed during the attack.
Since discovering the attack on December 2 and confirming the resulting outage was caused by a ransomware attack, Rackspace has been offering affected customers free licenses to migrate their email from its Hosted Exchange platform to Microsoft 365.
BleepingComputer asked a Rackspace spokesperson earlier today if the email data is being restored from Rackspace's backups or with the help of a decryption tool provided by the Play ransomware attackers.
Rackspace added in today's update that its Hosted Exchange environment would be discontinued, saying that it was already planning to migrate customers to Microsoft 365 even before the December ransomware attack.