Global managed cloud hosting provider Rackspace Technology is now facing at least three class-action lawsuits over its Hosted Exchange outage caused by a ransomware attack. Since the outage began a week ago, there has been no hint of a resolution yet.
The first class-action lawsuit against Rackspace Technology, for negligence and related violations, was filed last week by law firm Cole & Van Note from California.
Many Rackspace clients unable to access email service, were advised to migrate to a Microsoft 365 platform and to take various steps to protect and access their data. “That Rackspace offered opaque updates for days, then admitted to a ransomware event without further customer assistance is outrageous,” said Scott Cole, the principal attorney on the case. “Despite hundreds of data breaches every year in this country, I am receiving reports of vulnerabilities in Rackspace’s hosting environment that go back over a year. That, and a seeming lack of backup protocols is why a lawsuit like this is critical.”
In addition to seeking monetary compensation, Cole & Van Note’s lawsuit requires Rackspace to establish and uphold adequate security measures going forward in order to stop other attacks. Of the numerous cyber-attacks, a growing percentage of them target sensitive business records such as those accessed here, given that such information is highly valuable to cyber criminals, added Cole & Van Note.
In the Western District of Texas, law firm Garrett Stephenson and Gateway Recruiting filed another class-action lawsuit against Rackspace. In the action, damages were sought for negligence, breach of confidence, implied contract, good faith and fair dealing implicit covenant, and misleading business practices.
Rackspace is facing a third class-action lawsuit by Chris Ondo, a resident of Florida. He claims that the managed cloud hosting failed to protect his and other class members’ sensitive data as well as to consistently deliver email services.
This class-action lawsuit by Chris Ondo makes claims of carelessness, breach of trust, implied contract, and implicit promise to operate honestly and fairly. It claims that the proposed class has more than 100 members and asks for more than $5 million in damages.
Microsoft Office 365
Following the discovery of the security incident, Rackspace Technology hired international cybersecurity company CrowdStrike to assist with the investigation and remediation. CrowdStrike has validated the security issue was rapidly confined and restricted just to the Hosted Exchange Email business as a result of Rackspace’s prompt action in disconnecting its network and according to its incident response policies.
The Hosted Exchange Email business, which mostly consists of small and medium-sized enterprises that only utilize this product, would contributes around 1% of Rackspace’s total yearly income. No other Rackspace services, platforms, offerings, or companies were impacted by this event or are currently experiencing outage, according to the managed cloud hosting provider.
According to Rackspace, many of the impacted clients have already successfully completed the transfer to the more contemporary Microsoft Office 365, which Rackspace is actively implementing for them. The objective of Rackspace’s thorough and quick effort is to restore service to all of its clients. All of the company’s resources, including extra surge workers and a Microsoft Fast Track team that has deployed to assist the Rackspace workforce, are being made available to service those remaining clients.