Cloud computing behemoth Rackspace reported in an earnings presentation issued earlier this month that it has already spent $10.8 million responding to a Play ransomware group attack that started late last November against its hosted Exchange environment. 30,000 Rackspace customers were impacted by the attack, which was discovered on December 1, 2022, and were unable to access email and related data.
The San Antonio, Texas-based company's multimillion-dollar expenditures are made up of "costs to investigate and remediate, legal and other professional services, and supplemental staff resources that were deployed to provide support to customers," it stated in a separate filing with U.S. federal regulators. "We anticipate continuing to pay for legal and other professional services in the future, and we will deduct those expenses as they are incurred."
"Costs could rise even further. We have been named in several lawsuits in connection with the December 2022 ransomware incident, which caused service disruptions on our Hosted Exchange email business," Rackspace further said. "The pending lawsuits seek equitable and compensatory relief, among other things. We are strongly defending these issues."
Rackspace said it has cybersecurity insurance and expects insurance to cover "a significant portion" of the costs associated with the attack and cleanup. The corporation has refused to comment on whether it paid a ransom to Play.
The company's expense thus far is a fraction of the almost $50 million spent by non-bank lender Latitude Financial to recover from an attack discovered in March. The Australian company anticipates that at least some of these costs will be paid by its insurance plans.
Latitude estimated that the hackers had taken control of 328,000 client records when it first disclosed the hacking incident in mid-March. The inquiry discovered that the final total was significantly different, as is typical in breach investigations.
By the end of March, the business had released an update in which it claimed that hackers had stolen data on roughly 14 million consumers.
A database with data going back at least to 2005 contained an additional 6.1 million records, which included names, residences, phone numbers, and birth dates. The total comprised around 7.9 million driver's licence numbers from Australia and New Zealand.
To its credit, Latitude refused to pay the ransom demanded by the attackers in exchange for the assurance that the hackers would delete stolen data.