The giant company Rackspace, well known for its of cloud computing services including hosted MS Exchange, has confirmed that it has been affected by a ransomware attack.
Its hosted Exchange services became unavailable on Friday 2nd December, and updates since that time have confirmed that it took down the service as soon as it became aware of the problem, though the number of users and impact is still not clear. You can check for updates at https://status.apps.rackspace.com/
Since then, Rackspace has offered temporary free licences on its hosted Office 365 platform, plus support to move over, although this does require some technical skill and should definitely not be attempted without referring to your IT support provider.
Under the UK GDPR, a personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. So this certainly may count, and any organisation affected should consult their DPO for advice too.
You can find more information on the ICO website at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/ and the ICO’s helpful self-assessment is at https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/
Even if you are not directly affected, this should be a reminder to review your personal data breach policy and procedure, and your IT security documents and training.
If you would like to talk this through with us, you are welcome to get in touch in any of the normal ways, use https://zorva.info/about-us/contact-us/ or by booking a 20-minute insight call at https://zorva.info/free-insight-call/ (for TinoPai members, but it’s free to join, and you get lots of other benefits including free live and on-demand webinars).