Cloud computing large Rackspace has confirmed hackers accessed buyer information throughout final month’s ransomware assault.

The assault, which Rackspace first confirmed on December 6, impacted the corporate’s hosted Alternate e-mail surroundings, forcing the net large to close down the hosted e-mail service following the incident. On the time, Rackspace mentioned it was unaware “what, if any, information was affected.”

In its newest incident response replace revealed on Friday, Rackspace admitted that the hackers gained entry to the private information of 27 prospects. Rackspace mentioned the hackers accessed PST recordsdata, usually used to retailer backup and archived copies of emails, calendar occasions and contacts from Alternate accounts and e-mail inboxes.

Rackspace mentioned about 30,000 prospects used its hosted Alternate service — which it’ll now discontinue — on the time of the ransomware assault.

“We’ve already communicated our findings to those prospects proactively, and importantly, based on Crowdstrike, there isn’t any proof that the menace actor truly seen, obtained, misused, or disseminated any of the 27 Hosted Alternate prospects’ emails or information within the PSTs in any method,” mentioned Rackspace. The corporate added that prospects that haven’t been contacted straight can “be assured” that their information was not accessed by attackers.

Rackspace attributed the breach to the Play ransomware group, a comparatively new gang that just lately claimed assaults on the Belgian port metropolis of Antwerp and the H-Motels hospitality chain. Rackspace’s stolen information is just not presently listed on the ransomware group’s leak website, and it’s unclear if Rackspace has paid a ransom demand.

In accordance with the incident report replace, Play menace actors gained entry to Rackspace’s networks by exploiting CVE-2022-41080, a zero-day flaw patched by Microsoft in November that has been linked to earlier ransomware incidents.