The Everest ransomware group has claimed responsibility for the breach against the global information management and storage firm Iron Mountain, stating that it stole approximately 1.4 terabytes of the firm’s internal and customer data.
The claims were made through the group’s posts on the dark web forums.
Screenshots posted by the attackers show directory names that appear to correspond to customer accounts and organizational documents.
The ransom demand deadline is set for 11 February. Currently, no official statements have been provided by the firm regarding the breach or its potential extent.
Iron Mountain manages physical and digital information for a broad range of firms, including sensitive intellectual property and confidential records.
The breach was reported after researchers claimed that the ShinyHunters group breached approximately 100 organizations through an Okta SSO exploitation campaign, with Iron Mountain being among the breached entities.
John Carberry, Solution Sleuth, at Xcape Inc, says the incident underscores a significant threat to an organization that safeguards the world’s most sensitive physical and digital information. “Reports suggest that approximately 1.4 terabytes of data were taken, including internal documents and customer account details, which could lead to widespread and damaging supply chain attacks.”
He says to address these dangers, companies need to focus on robust identity and access control systems, given recent findings of targeted attacks on single sign-on (SSO) platforms. “Establishing solid network segmentation and adopting a Zero Trust approach can help stop attackers from spreading further within a network after they have gained initial access.”
Carberry also advises regularly checking dark web forums to spot early signs of leaked login details or data being sold. “Iron Mountain and its partners must quickly replace all encryption keys and ensure multi-factor authentication is used in all their services.
“Businesses in similar situations should treat SSO platforms and identity providers as critical assets and strengthen them with secure, phishing-resistant multi-factor authentication, ongoing access checks, and real-time monitoring for unusual activity,” he adds.
“Separating customer data, limiting access to only what is necessary, and keeping logs that cannot be changed are essential for reducing the impact of compromised identities. Equally important, organizations should practice responding to breaches by preparing for coordinated public disclosure, legal preparedness, and communicating with customers under the tight timelines often seen in ransomware cases. When the world’s vault is cracked, everyone’s secrets are in the recycling bin.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.