Everest Ransomware Claims Breach of Legacy Polycom Systems, Threatens Data Leak
The Everest ransomware group has asserted responsibility for a data breach involving legacy systems tied to Polycom, the enterprise communications brand acquired by HP Inc. in 2022 and rebranded as HP Poly. The group alleges it exfiltrated approximately 90GB of internal data, though evidence suggests the material may originate from pre-acquisition Polycom engineering or development environments rather than HP’s current infrastructure.
In a post on its dark web leak site, Everest described the stolen data as a database and internal company documentation, including file directories, engineering build environments, source code trees, software logs, and technical documentation related to Polycom’s conferencing platforms, such as RMX and RealPresence systems. Screenshots shared by the group display filenames dated between 2017 and 2019, reinforcing the likelihood that the compromised data stems from legacy Polycom systems predating HP’s acquisition. Notably, the leaked images do not contain customer personal data or sensitive user information.
Everest has set a 9-day countdown, threatening to publish the data if its demands are not met. However, the group has not provided metadata or timestamps confirming when the systems were accessed or whether they remained active at the time of exfiltration. HP Inc. has not publicly confirmed the breach, and there is no indication that current HP Poly production systems, customer services, or active environments were affected.
Polycom has undergone multiple corporate transitions, including acquisition by Plantronics in 2018, rebranding as Poly in 2019, and subsequent integration into HP Inc. in 2022. Legacy domains, such as polycom.com, now redirect to HP-managed platforms.
Everest, one of the most active ransomware groups in 2025 and 2026, has previously claimed high-profile attacks on organizations including McDonald’s India, Nissan, ASUS, Chrysler, Iberia Airlines, Under Armour, Petrobras, AT&T, and Dublin Airport. HP Inc. was contacted for comment on February 2, 2026, but had not responded at the time of publication. The claims remain unverified by independent sources.
Source: https://hackread.com/everest-ransomware-data-theft-legacy-polycom-system/
Polycom TPRM report: https://www.rankiteo.com/company/polycompany
HP Inc. TPRM report: https://www.rankiteo.com/company/hp
{
  "id": "hppol1770123179",
  "linkid": "hp, polycompany",
  "type": "Ransomware",
  "date": "2/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 'None (no customer data '
                                              'compromised)',
                        'industry': 'Enterprise communications, conferencing '
                                    'technology',
                        'name': 'Polycom (legacy systems, now HP Poly)',
                        'type': 'Subsidiary (acquired by HP Inc.)'}],
 'customer_advisories': 'No advisories issued (no customer impact)',
 'data_breach': {'data_exfiltration': 'Yes (90GB exfiltrated)',
                 'file_types_exposed': ['File directories',
                                        'Logs',
                                        'Documentation'],
                 'personally_identifiable_information': 'None',
                 'sensitivity_of_data': 'Internal/proprietary (not '
                                        'customer-facing)',
                 'type_of_data_compromised': ['Engineering build environments',
                                              'Source code trees',
                                              'Software logs',
                                              'Technical documentation']},
 'date_publicly_disclosed': '2026-02-02',
 'description': 'The Everest ransomware group has asserted responsibility for '
                'a data breach involving legacy systems tied to Polycom, the '
                'enterprise communications brand acquired by HP Inc. in 2022 '
                'and rebranded as HP Poly. The group alleges it exfiltrated '
                'approximately 90GB of internal data, including file '
                'directories, engineering build environments, source code '
                'trees, software logs, and technical documentation related to '
                'Polycom’s conferencing platforms (e.g., RMX and RealPresence '
                'systems). The data appears to originate from pre-acquisition '
                'Polycom systems (2017–2019) and does not contain customer '
                'personal data or sensitive user information. Everest has '
                'threatened to publish the data if ransom demands are not met '
                'within 9 days. HP Inc. has not publicly confirmed the breach, '
                'and there is no indication that current HP Poly production '
                'systems were affected.',
 'impact': {'brand_reputation_impact': 'Potential reputational risk due to '
                                       'legacy data exposure',
            'data_compromised': '90GB of internal data (engineering build '
                                'environments, source code trees, software '
                                'logs, technical documentation)',
            'identity_theft_risk': 'None (no customer personal data '
                                   'compromised)',
            'operational_impact': 'No impact on current HP Poly production '
                                  'systems or customer services',
            'payment_information_risk': 'None (no payment information '
                                        'compromised)',
            'systems_affected': 'Legacy Polycom systems (pre-2022 '
                                'acquisition)'},
 'investigation_status': 'Unverified (claims not independently confirmed)',
 'motivation': 'Financial gain (ransom)',
 'ransomware': {'data_exfiltration': 'Yes (90GB exfiltrated)',
                'ransom_demanded': 'Not specified',
                'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2026-02-02',
                 'source': 'Everest ransomware group (dark web leak site)'}],
 'response': {'communication_strategy': 'No public confirmation from HP Inc. '
                                        'as of February 2, 2026'},
 'threat_actor': 'Everest Ransomware Group',
 'title': 'Everest Ransomware Claims Breach of Legacy Polycom Systems, '
          'Threatens Data Leak',
 'type': 'Ransomware'}