Rackspace Security Incident and Hosting Disruption Class Action

Rackspace Technology, Inc. suffered a data security incident in December 2022. This class action brings suit against the company, not only for exposing the personally identifiable information (PII) stored in Rackspace’s systems but also for failing to maintain its Hosted Exchange environment, providing continuous email services to its clients or notifying them promptly, “so as to not unreasonably interfere with their access to their Sensitive Data.”

A class and a subclass have been defined for this action:

• The Nationwide Class is all individuals in the US whose PII or proprietary data was rendered unavailable or exposed to unauthorized third parties as a result of the data security incident announced on or around December 3, 2022.
• The Texas Subclass is all individuals in Texas whose PII or proprietary data was rendered unavailable or exposed to unauthorized third parties as a result of the data security incident announced on or around December 3, 2022.

“Rackspace is the world’s largest managed cloud provider,” the complaint alleges, “and provides access to such cloud offerings as Amazon Web Services, Microsoft Azure and OpenStack.”

One of the plaintiffs in this case, Gateway Recruiting, LLC is an executive recruiting company; the other is the president of that company. Both are victims of the security incident suffered by Rackspace. The complaint alleges that they want to hold Rackspace “responsible for not ensuring that its Hosted Exchange environment was maintained in a manner consistent with industry and other relevant standards.”

Sometime before 2:49 AM EST, the complaint alleges, Rackspace found that it had an issue that affected its Hosted Exchange environment. At the time, the complaint alleges, “it was investigating the issues, but provided no further information… As of that time, [Rackspace] had allegedly already received ‘reports of connectivity issues’ to its Exchange environments, admitting (albeit much later and insufficiently) that users ‘may experience an error upon accessing the Outlook Web App (Webmail) and syncing their email clients.’”

Rackspace continued to investigate, the complaint says, and later admitted that users “may experience an error upon attempting to access OWA (Webmail) & sync mail to their email client” or “a prompt [to] re-enter their password.” The investigation continued during the next day.

Eventually, the complaint alleges that Rackspace told its clients’ account administrators to ‘manually set up each individual user’ on their accounts… During that recommended process, [Rackspace] acknowledged that its clients would be ‘unable to connect to the Hosted Exchange service to sync new email or send mail using [the] Hosted Exchange.’”

Only later, at almost 2 AM EST on December 3, the complaint alleges, did Rackspace finally determine that the problems were caused by a “security incident.”

The complaint alleges that Rackspace’s failure to protect its systems cost clients considerable time and money, in “discussing the incident…, migrating … data … to a new platform, exploring credit monitoring and identity theft insurance options, self-monitoring their accounts and seeking legal counsel regarding their options for remedying and/or mitigating the effects of the Security Incident.”

Article Type: Lawsuit
Topic: Privacy
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy