We are writing to close communication on the migration notice previously sent to

1. We are writing to close communication on the migration notice previously sent to you, and to provide you more information about the reasons it was necessary. We know that migrations can be inconvenient, and we thank you for your patience. Now that the migrations are complete, there is nothing more that you need to do regarding this issue.
2.  
3. When we announced the recent migrations, we explained that such measures are periodically required to promote the stability, performance, security, and feature-richness of our Cloud Servers platform. We were not able to share more information at the time, without putting you and other customers at risk. Now that the migrations have been completed, however, we want to provide you with the transparency that you expect from Rackspace. We now can tell you the timing of the migrations was driven by the need to fix a potential security issue.
4.  
5. We discovered the issue in collaboration with an independent I.T. security consulting firm, which conducted penetration testing on our Cloud Servers product. After spinning up several servers, the security consultants used forensic techniques to examine the underlying physical disk. They discovered that, in certain use cases, random fragments of temporarily stored data could be left behind on the physical disk.
6.  
7. This potential vulnerability applied only to Cloud Servers customers using our implementation of the XenClassic hypervisor. Not affected were Linux customers using our XenServer platform, or Windows Cloud Server customers. Also not affected were customers using our Cloud Files, Cloud Sites, or email products.
8.  
9. In repairing this vulnerability, we have ensured that all data is wiped effectively whenever a customer vacates hard-drive space on a host machine. And through the migration that you and other customers have completed, we have cleaned up all fragments of remnant data. The security consulting firm that discovered this issue has performed follow-up testing and has found no remnant data on either our legacy Cloud Servers environment or our new Next Generation Cloud, powered by OpenStack.
10.  
11. We know of no case of customer data being seen or exploited in any way by any unauthorized party.
12.  
13. One reason is that the remnant data could not have been seen through normal use of cloud servers, but would have had to be sought, using forensic techniques. It was not possible for anyone to specifically target a particular customer through this vulnerability, given the random and fragmented nature of the remnant data. Customers who encrypted sensitive data on their cloud servers would have faced no risk of exposure.
14.  
15. If we had made this issue public earlier, we could have opened the door for a malicious user to exploit the vulnerability. For that reason, we decided to keep information about the vulnerability on a need-to-know basis within our company ? until now, when the issue has been fully resolved.
16.  
17. Dealing with security issues is a constant in any type of computing, whether at a government agency like the Pentagon, in a corporate data center, or at a cloud-hosting provider. At Rackspace, we work to provide you with the safest, most-stable environment possible. We regularly consult with independent security consultants. We employ a large and growing staff of security specialists and IT engineers. We are proud of their work in repairing this vulnerability, and grateful for your patience.
18.  
19. Now that the migrations are complete, there is nothing more that you need to do regarding this issue. But if you have questions, please reach out to your support team. We are here to serve you.