Nissan: Hackers claim 1.4 TB theft from Iron Mountain, major data management company

Everest Ransomware Gang Claims 1.4 TB Data Breach from Iron Mountain

The Russia-linked Everest ransomware gang has alleged a major data breach at Iron Mountain, an S&P 500 information management company specializing in records storage, data backup, and secure document destruction. The attackers claim to have exfiltrated 1.4 TB of internal documents and client data, posting screenshots on their dark web leak site as proof.

The breach, first reported on February 3, remains unconfirmed by Iron Mountain, which stated that only a single compromised login credential was used to access a public-facing file-sharing folder containing primarily marketing materials shared with third-party vendors. The company denied that any customer-sensitive or confidential information was involved but acknowledged it was assessing the situation.

Everest, known for high-profile attacks since July 2021, has set a February 11 deadline on its dark web post, a common tactic to pressure victims into paying ransom. The screenshots shared by the group show folder names linked to clients, including potential movie studios and jewelry firms, though the exact contents remain unverified. While no downloadable data has been released, the threat of exposure could have significant reputational and operational consequences for Iron Mountain, which stores valuable intellectual property, master recordings, and trade secrets for global clients.

Iron Mountain, founded in a nuclear-resistant former iron mine, operates worldwide with over 11,000 employees and reported $6 billion in revenue in 2024. If confirmed, the breach could undermine trust in its security measures, particularly given its role as a data vault for high-profile industries. The company has not yet verified whether the attackers accessed core storage systems or limited their intrusion to the exposed folder.

As of now, the extent of the breach and whether client data was truly compromised remain unclear. Iron Mountain has not disclosed whether it has engaged with the attackers or whether a ransom demand was made. The incident follows Everest’s recent targeting of major corporations, including Nissan, ASUS, and Petrobras.

Source: https://cybernews.com/security/iron-mountain-data-breach-claims/

Nissan Motor Corporation cybersecurity rating report: https://www.rankiteo.com/company/nissan-motor-corporation

"id": "NIS1770195145",
"linkid": "nissan-motor-corporation",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Information management, records storage, '
                                    'data backup, secure document destruction',
                        'location': 'Worldwide',
                        'name': 'Iron Mountain',
                        'size': '11,000+ employees',
                        'type': 'Corporation'}],
 'attack_vector': 'Compromised login credential',
 'data_breach': {'data_exfiltration': '1.4 TB claimed',
                 'sensitivity_of_data': 'Potential intellectual property, '
                                        'master recordings, and trade secrets '
                                        '(unverified)',
                 'type_of_data_compromised': ['Internal documents',
                                              'Client data']},
 'date_detected': '2024-02-03',
 'date_publicly_disclosed': '2024-02-03',
 'description': 'The Russia-linked Everest ransomware gang has alleged a major '
                'data breach at Iron Mountain, an S&P 500 information '
                'management company. The attackers claim to have exfiltrated '
                '1.4 TB of internal documents and client data, posting '
                'screenshots on their dark web leak site as proof. Iron '
                'Mountain has acknowledged a single compromised login '
                'credential was used to access a public-facing file-sharing '
                'folder but denies customer-sensitive or confidential '
                'information was involved.',
 'impact': {'brand_reputation_impact': 'Potential undermining of trust in '
                                       'security measures',
            'data_compromised': '1.4 TB of internal documents and client data',
            'operational_impact': 'Potential reputational and operational '
                                  'consequences',
            'systems_affected': 'Public-facing file-sharing folder'},
 'initial_access_broker': {'entry_point': 'Compromised login credential'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion',
 'post_incident_analysis': {'root_causes': 'Single compromised login '
                                           'credential accessing a '
                                           'public-facing file-sharing folder'},
 'ransomware': {'data_exfiltration': '1.4 TB claimed',
                'ransomware_strain': 'Everest'},
 'references': [{'source': 'Dark web leak site (Everest ransomware gang)'}],
 'response': {'communication_strategy': 'Public statement acknowledging the '
                                        'incident and assessing the situation'},
 'threat_actor': 'Everest ransomware gang',
 'title': 'Everest Ransomware Gang Claims 1.4 TB Data Breach from Iron '
          'Mountain',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Public-facing file-sharing folder'}