Rackspace Microsoft Exchange Ransomware Incident | December 2022

Cloud services provider, Rackspace Technology, confirmed they suffered a ransomware incident. Here's what you need to know.


Cloud services provider, Rackspace Technology, confirmed they suffered a ransomware incident affecting their hosted Microsoft Exchange environment, leading to an ongoing outage lasting multiple days. The company stated this did not affect other Rackspace services, and it is not yet known whether sensitive customer data was accessed as part of the incident.


Based on the latest available information, the incident was isolated to hosted Microsoft Exchange and has not impacted other Rackspace services. It’s not known yet whether customer data was subject to unauthorized access and no further details are available as an investigation is ongoing.

Next steps for Rackspace customers:

  1. Take advantage of Rackspace’s offering. Rackspace is offering resources to assist their hosted Exchange customers in migrating to Microsoft 365. If you are a hosted Exchange customer, we encourage you to take advantage of this opportunity as Microsoft 365 is more stable and secure than other hosted Exchange configurations. For more information, see the following Rackspace resources, or reach out to them for assistance. You can contact Rackspace via their online chat platform or by calling +1 (855) 348-9064. (INTL: +44 (0) 203 917 4743). 
  2. Review our Guide to Vendor Breach Response to better understand how to respond when vendors notify your organization about a security or privacy incident.
  3. Consider notifying Corvus of a claim. Discuss with your broker at what point you want to put Corvus on notice of a potential claim. At this time, we do not yet know whether customer data was accessed by the threat actor. But as you will read in the above Guide, working with panel counsel can help you determine what your obligations as an organization are as more facts come to light.


This alert is provided for informational use only. The policyholder will be solely responsible for remediation. Please consult with your IT department for more information or remediation guidance.