Rackspace revealed on Thursday that attackers behind last month's incident accessed some of its customers' Personal Storage Table (PST) files which can contain a wide range of information, including emails, calendar data, contacts, and tasks.
This update comes after
Rackspace confirmed that the Play ransomware operation was behind the cyberattack that took down its hosted Microsoft Exchange environment in December.
As discovered during the now-finished investigation led by cybersecurity firm Crowdstrike, the attackers gained access to the personal storage folders of 27 Rackspace customers.
However, the company added that there is no evidence that they viewed the contents of the accessed backup files or misused the information.
"Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table ('PST') of 27 Hosted Exchange customers," Rackspace
said in an incident report update shared with BleepingComputer in advance.
"We have already communicated our findings to these customers proactively, and importantly, according to Crowdstrike, there is no evidence that the threat actor actually viewed, obtained, misused, or disseminated any of the 27 Hosted Exchange customers' emails or data in the PSTs in any way."
"Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor."
While RackSpace says there is no evidence that the threat actors accessed customer data, history has shown that this invariably is not the case.
Additionally, even if the data may not be leaked if a ransom is paid or for some other reason, it is very likely that customer data was at least viewed during the attack.
www.theregister.com
