Iron Mountain Confirms Data Security Incident Following Everest Ransomware Claims

Iron Mountain, a data storage and recovery company, confirmed a data security incident after the Everest ransomware group claimed it had breached the company’s internal network and stolen confidential information.

 

Founded in 1951, Iron Mountain is a global enterprise information management company that stores, protects, and manages physical records, digital data, and art. Serving over 225,000 clients—including 95% of the Fortune 1000—through thousands of facilities, it offers secure storage, data center management, and digital transformation services.

 

Recently, the Everest ransomware group said it breached Iron Mountain’s infrastructure and listed it as a victim on its data leak site. The group claimed to be in possession of 1.4 TB of confidential data that included “a “variety of personal documents and information of clients.”

 

 

While the group did not provide any downloadable data, the Cybernews research team analysed the shared screenshots to confirm the credibility of the ransomware group’s claims. According to the team, the screenshots primarily show folder names containing alleged customer names, suggesting the database may include client data. Other folders appear to reference various marketing and research materials.

 

Acknowledging the reports of the data security incident, in a statement, the company said it is investigating the claims of the ransomware group.

 

“Iron Mountain confirms that it was alerted about a cybersecurity issue emanating from a cyber criminal organisation, and we are currently assessing the situation.

 

“No customer confidential or sensitive information has been involved. A single compromised login credential was used to gain access to one folder, consisting primarily of marketing materials shared with third-party vendors on a public-facing file-sharing site.

 

“At this time, we also confirm that no Iron Mountain systems have been breached, and there is no ransomware or malware involvement, or any other cyber activity, beyond the compromised folder credential, which has since been deactivated,” Iron Mountain added.