Rackspace has disclosed that some of its customers' Personal Storage Table files with emails, contacts, tasks, and calendar data, have been accessed by the Play ransomware operation during its attack on the multicloud MSP firm's Hosted Exchange email environment last month, according to BleepingComputer.
The Play ransomware gang was able to infiltrate 27 Rackspace customers' personal storage folders but there was no indication suggesting that the viewing of accessed backup files' contents or misuse of any data, an investigation led by Crowdstrike revealed.
"We have already communicated our findings to these customers proactively, and importantly, according to Crowdstrike, there is no evidence that the threat actor actually viewed, obtained, misused, or disseminated any of the 27 Hosted Exchange customers' emails or data in the PSTs in any way. Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor," said Rackspace, which has been providing free Microsoft 365 migration for impacted customers.