2nd suit filed in firm’s email outage
Rackspace says it is victim of a ransomware attack
Rackspace Technology is facing another proposed class-action lawsuit over an outage caused by a ransomware attack that has left customers without access to email since Friday.
In at least the second such filing, Florida resident Chris Ondo accuses the Windcrest-based cloud computing company of failing to safeguard his and other class members' personal information and other sensitive data and to continuously provide email services.
The suit was filed in San Antonio federal court Tuesday, the same day Rackspace confirmed the outage was caused by a ransomware attack that led it to shut down its hosted Exchange email service. It has not specified how many customers are affected, but said it expected a loss of revenue in the business line, which generates about $30 million annually.
Investigations of the breach — both
internally and by law enforcement — are in progress.
In his filing, Ondo says Rackspace allowed customer data to be compromised by “an undoubtedly nefarious third party that seeks to profit off this disclosure by defrauding” customers. The company also failed to adequately alert customers about the outage, posting “opaque” announcements on its website and not responding if directly contacted, Ondo says.
The lawsuit alleges negligence and breach of confidence, implied contract and implied covenant of good faith and fair dealing. It seeks more than $5 million in damages and says there are more than 100 members in the proposed class.
The accusations and language are similar to a separate class-action lawsuit filed Monday by Gateway Recruiting and Garrett Stephenson, president of the New Braunfels-based executive recruiting firm. It's possible that the cases could be combined at some point. A Rackspace spokesperson said it would not comment on pending litigation.
Such lawsuits become class actions only after a judge certifies the class is valid. In making that decision, the judge evaluates how many people have been affected by the situation being alleged, according to Classaction.org.
For lawsuits filed in federal court, “attorneys representing the class members must satisfy several requirements, including establishing that the number of people who could be covered by the class action is large enough that it would be impractical and
inefficient to file numerous individual lawsuits,” Classaction.org notes.
The next step is discovery, or investigating the claims made. Actions are often settled before advancing to trial.
In an update Thursday afternoon, Rackspace offered advice to customers about how to avoid being further victimized.
“In situations like these, it's common for scammers and cybercriminals to try to take advantage,” it said. “We want to take this opportunity to remind all customers of best practices for keeping your account safe.”
The update offered tips for identifying authentic emails from Rackspace and alerting customers that the company's customer service representatives will not ask for login credentials or personal information.
In this week's outage, one complaint
from customers has been their inability to reach Rackspace customer service amid a crush of demand for help migrating email accounts to Microsoft 365, the alternative service it's providing.
On Sunday, the company said it had 1,000 employees working to reduce wait times and answer questions — including reaching out to customers. Late Wednesday, it told customers it was partnering with Microsoft's “Fast Track” team in an attempt to better assist customers.
As the outage continued through a sixth day, Rackspace shares kept falling Thursday, dropping nearly 16 percent from a day earlier to close at $3.20. The stock has lost $1.65 per share since last Friday's close, before the company acknowledged the cyberattack.