A security incident has caused an outage for cloud service provider Rackspace, potentially affecting a large number of Rackspace clients.

Author: John Farley


Cloud service provider Rackspace reported a significant outage on December 2, 2022 and remains down as of this writing. What was initially described as an issue related to connectivity and login issues is now being reported as a security incident. It has the potential to impact a large number of Rackspace clients.

What we know now about the Rackspace outage

The current outage is affecting Rackspace's hosted Microsoft Exchange environments. The impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange to manage email online. According to Rackspace, the issue is "isolated to a portion of our Hosted Exchange platform."*

Rackspace advisory and response

In response to the incident, Rackspace is offering affected customers free Microsoft Exchange Online Plan 1 licenses until the outage is resolved. Detailed instructions on how to activate the free licenses and how to migrate users' mailboxes to Microsoft 365 are available in Rackspace's incident report.*

While there's no estimated time frame for full restoration of services, Rackspace has indicated that it may take several days.

Potential cybersecurity liabilities: What to do now

At this point in the investigation, it will be difficult to determine what liabilities, if any, may affect Rackspace clients. Questions remain regarding whether unauthorized parties may have accessed any sensitive information, whether the incident will spread to systems beyond the Microsoft Exchange environment, the length of downtime and the overall impact to their client's business operations as a result of this event.

As the investigation unfolds, we suggest affected organizations proactively assemble key members of their incident response teams who may need to respond in some way as more information becomes available. These key members may include general counsel, communications, information technology, business continuity and risk management departments. We suggest a thorough review of incident response plans to aid in any required strategic response.

Leveraging cyber insurance

Cyber insurance and other insurance policies may provide assistance to organizations that believe they were victimized by cyber threat actors, either directly or indirectly through a vendor. Many stand-alone cyber policies provide access to crisis services, including breach coaches, IT forensics investigators and several other breach response experts. Those with cyber insurance should be mindful of claim reporting obligations, requirements to utilize insurance panel breach response vendors, evidence preservation and issues that may impact attorney-client privilege.

Organizations should also be aware of the rapidly evolving cyber insurance products that may impact the scope of insurance coverage. The hardening 2022 cyber insurance market has spurred cyber insurers to use various methods to reduce their cascading losses for incidents such as the one that is unfolding at Rackspace. Sub-limits and coinsurance are often imposed for ransomware claims. Some carriers have increased waiting periods before coverage for business interruption coverage is triggered. Contingent business interruption coverage may be offered for losses as a result of an incident involving a key vendor, but buyers need to be mindful of potentially restrictive policy language. Cyber carriers may limit or exclude coverage related to specific cloud providers and other third parties.

Author Information


*"Hosted Exchange Issues," Rackspace Technology, updated 5 Dec 2022.


The information contained herein is offered as insurance Industry guidance and provided as an overview of current market risks and available coverages and is intended for discussion purposes only. This publication is not intended to offer legal advice or client-specific risk management advice. Any description of insurance coverages is not meant to interpret specific coverages that your company may already have in place or that may be generally available. General insurance descriptions contained herein do not include complete Insurance policy definitions, terms, and/or conditions, and should not be relied on for coverage interpretation. Actual insurance policies must always be consulted for full coverage details and analysis.

Insurance brokerage and related services to be provided by Arthur J. Gallagher Risk Management Services, Inc. (License No. 0D69293) and/or its affiliate Arthur J. Gallagher & Co. Insurance Brokers of California, Inc. (License No. 0726293).