365 Data Centers, a retail colocation provider, was recently named in a class action complaint filed in the United States District Court, District of Connecticut, whereby multiple plaintiffs allege claims against 365 Data Centers Services, LLC, for negligence, breach of contract, and unjust enrichment, based upon the company’s “failure to secure its systems and data from cyberattacks, including ransomware attacks, failure to properly secure and manage backup data for its clients and their customers, and failure to properly segment its data security systems”.
To-date, only four plaintiffs have been named in the class action complaint against 365 Data Centers. However, the company serves more than 1,300 customers, hundreds of which were gained through 365 Data Centers’ prior acquisition of Atlantic Metro, meaning that many more customers may have been impacted by the ransomware attack and subsequent outage.
Per the class action complaint, according to an individual who allegedly works at 365, the ransomware attack resulted from a “combination of an exploit and poor security practice”. While the source of the hack has not yet been identified, more details should be forthcoming from 365 Data Centers, as the case remains open in the Connecticut District Court.
Ransomware Attack – 365 Data Centers
According to the class action complaint, on May 14, 2022, 365 Data Centers “suffered a ransomware attack that caused the shutdown of their entire cloud network and loss of its clients’ data and critical infrastructure”. Customers of 365 “could not access their websites, customer portals, and other critical information technology infrastructure supported by 365’s network systems”.
Furthermore, the ransomware attack permanently prevented access to 365 Data Centers’ cloud infrastructure, with the company contending that the entire infrastructure must be rebuilt.
As a result, the plaintiffs allege that the “ransomware attack and its consequences have prevented and will continue to prevent 365’s clients, and the customers of those clients, from conducting any type of routine and ordinary business”. As such, the plaintiffs state that this ransomware attack has caused “significant business interruption and disruption and lost revenues”.
Following the ransomware attack, 365 Data Centers’ website, including its customer portal, went down and services to its customers were halted. Specifically, the website 365datacenters.com was no longer functional and was replaced by a new website temp.365datacenters.com. However, as of today, Dgtl Infra notes that 365datacenters.com appears to be working again.
E-Mail from VP, Customer Service of 365 Data Centers
On May 24, 2022, 365 Data Centers’ Vice President of Customer Service, Tom Walsh, sent an email to the company’s clients stating: “As of this update, we continue our efforts to clear all obstacles to enable us to initiate the restoration process but have not yet reached that point”.
E-Mail from CEO and CTO of 365 Data Centers
Subsequently, on May 25, 2022, a plaintiff received an e-mail from 365 Data Centers, signed by the company’s CEO, Bob DeSantis, and CTO, James Cornman stating the following:
Customers / Plaintiffs – Overview
365 Data Centers provides hybrid data center solutions to over 1,300 small- and mid-sized enterprises, telecommunications carriers, and cloud service providers. Through its 12 colocation facilities and 86 network points-of-presence (PoPs) across the United States, 365 offers colocation, network connectivity & IP, cloud, and managed services to its customers.
Below are further details on the four plaintiffs who brought the class action complaint against 365 Data Centers, resulting from the ransomware hack and subsequent outage:
- Bizbudding Inc: webservice provider that rents web space from 365 Data Centers, through its colocation servers, and uses that space to provide its webservices and support to ~180 customers. Notably, the company uses webspace rented from 365 to operate ~40% of its business
- Parisi Speed School: web-based business that offers a variety of educational seminars in five languages over the internet through four websites
- Core Wellness, LLC: operates a website which provides advice and a community for mothers, as well as hosts a podcast, using 365 Data Centers’ webspace and critical infrastructure
- PaleoMom.com: operates a website that sells e-books and online courses which cover the topic of biophysics
Notably, Parisi Speed School, Core Wellness, and PaleoMom.com all contract for their services from Bizbudding and thus are customers of one of 365 Data Centers’ clients. In turn, these customers rely on their ability to access and transact with the products and services provided by 365 Data Centers and ultimately suffered from the ransomware hack and subsequent outage.
365 Data Centers – Ownership
In October 2020, 365 Data Centers was acquired by Stonecourt Capital, a New York-based private equity firm. Stonecourt’s equity investments are primarily focused on logistics, food & beverage, renewables & sustainability, health & wellness, industrials, and twenty-first century infrastructure. As of December 31, 2021, Stonecourt had $398.8m of assets under management (AUM).