Iron Mountain, a major data storage and recovery services provider serving over 240,000 customers globally including 95% of the Fortune 1000, has confirmed a security incident following claims by the Everest extortion group that it stole 1.4 terabytes of internal company documents containing personal information on clients. The company, which specializes in data centers and records management across more than 61 countries, characterised the breach as limited in scope and consisting primarily of marketing materials. According to Iron Mountain’s statement, attackers used compromised credentials to access a single folder on a public-facing file-sharing server, with no ransomware deployment or intrusion into other company systems.
Iron Mountain emphasised that no customer confidential or sensitive information was involved in the incident, explaining that the compromised folder contained mainly marketing materials shared with third-party vendors. The company has since deactivated the compromised login credential and confirmed there was no ransomware, malware, or additional cyber activity beyond the credential breach.
The incident represents a typical operation for the Everest cybercrime group, which emerged in 2020 and has evolved from deploying ransomware to focusing on data-theft-only corporate extortion tactics, threatening to publish stolen files unless victims pay ransoms.
The Everest operation has established itself as both an extortion group and an initial access broker, selling access to breached corporate networks to other threat actors while maintaining a leak portal that has listed hundreds of victims over the past five years in double-extortion attacks.