Hackers claim 1.4 TB theft from Iron Mountain, major data management company


A Russia-linked attacker group says it accessed a huge database belonging to the S&P 500 company, allegedly obtaining company and client data. The attached data sample provides some insight into the claimed data breach. Iron Mountain says the company is "assessing the situation."


Everest ransomware gang posted Iron Mountain on its dark web leak site, which it uses to showcase and threaten its latest victims. The post says attackers accessed internal documents with a “variety of personal documents and information of clients,” totalling 1.4 TB of data.


Iron Mountain is a major information management company, providing records management, data backup, and information destruction services. The company handles digital as well as physical data.

After the article went live, the company issued a public statement, saying that "Iron Mountain confirms that it was alerted about a cybersecurity," and that the company is "assessing the situation."

“No customer confidential or sensitive information has been involved. A single compromised login credential was used to gain access to one folder, consisting primarily of marketing materials shared with third-party vendors on a public-facing file-sharing site,” Iron Mountain said.

Everest post on the dark web. Image by Cybernews.

The company added that Iron Mountain systems were not breached, and no ransomware was deployed on its network.

What Iron Mountain data did the attackers allegedly steal?

Meanwhile, the Cybernews research team investigated information that attackers attached to their dark web post. Everest did not provide any downloadable data, only sharing screenshots of the supposedly breached database. Not sharing the data is a common tactic for ransomware cartels, which serves as a warning shot, supposed to convince companies to pay the ransom.

According to the team, the screenshots mostly consist of folder names with alleged customer names, implying the database holds some client data. Other folder names point to various marketing and research materials.

As Iron Mountain serves as a data vault, its customers could be storing extremely valuable data, documents, and intellectual property. Based on the names listed, the data could include anything from movie studio materials to jewelry-related data.


“However, the folder naming only states the client name, so this does not really confirm what kind of customer data is present. There’s no way of knowing Everest is not advertising contact information or contract details,” the team explained.

If confirmed, the attack could have serious ramifications for Iron Mountain’s reputation as well as client data. However, as of now, there’s no way to assess the real exposure of the company. At the same time, Everest added a countdown clock to the post, which is set to expire on February 11th.


Iron Mountain is a global enterprise information management company, which was set up in a depleted iron ore mine, capable of surviving a nuclear attack. Currently, the company operates numerous locations all over the world.

The company houses master recordings for major recording labels, with some locations equipped with full studios, so that recordings would not have to ever leave the premises. Iron Mountain’s reported revenue exceeded $6 billion in 2024, with a workforce of over 11,000.

Attackers behind the alleged Iron Mountain data breach are Everest, which is among the most notorious cyber cartels currently operating. Believed to be related to Russia, the Everest gang first emerged on the scene in July 2021.

Over the past year, Everest targeted the multinational electronics giant ASUS, Brazilian petroleum giant Petrobras, Japanese auto manufacturing giant Nissan, and fast food giant McDonald’s in India.

Updated on February 3rd [11:00 a.m. GMT] with a statement from Iron Mountain.
