[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Iron Mountain doesn't take physical security seriously

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] Iron Mountain doesn't take physical security seriously
From: Todd Weiler <tweiler@xxxxxxxxxxxxx>
Date: Mon, 07 Jul 2014 01:48:30 -0700

Just this week at $CLIENT, we were considering making use of Iron
Mountain. I hadn't really thought about it, as others were to do the
leg-work.

But thank goodness, for this email thread. I can't think of a better
validation of the benefits of full disclosure than this.  

Todd


On Sat, Jul 5, 2014, at 06:57 PM, Sanguinarious wrote:
> What is it with this company and warehouse fires / arson? Like
> seriously? Anyone else find that incredibly odd considering? It
> doesn't give me confidence whatever they provide for storage
> considering it might go up in flames in a year or two.
> 
> On Thu, Jul 3, 2014 at 8:40 AM, Hinky Dink <dink@xxxxxxxxxxxxxxx> wrote:
> >
> > You might want to check out this:
> >
> > http://en.wikipedia.org/wiki/Iron_Mountain_Incorporated#Data_losses
> >
> > $DAYJOB dropped Iron Mountain long ago.
> >
> > On 6/30/2014 3:41 PM, freddielarge@xxxxxxx wrote:
> >> Went down into my office's lobby today and saw a few dozen boxes of
> >> confidential papers belonging to another company sitting there unguarded
> >> and not secured. The Iron Mountain guys were out front, but weren't
> >> keeping an eye on the boxes at all. I was able to open the boxes and
> >> snap a few pictures of the file labels for evidence. There were old
> >> employee records, I-9s, all sorts of very confidential stuff just
> >> sitting there in the lobby. Came back an hour or so later from lunch and
> >> some of the boxes were still there with nobody watching them.
> >>
> >> http://i.imgur.com/YvZKBb6.jpg
> >>
> >> http://i.imgur.com/9bTDrRE.jpg
> >>
> >> Very disturbing to see this kind of mistake in a well-known security
> >> company.
> >>
> >> _______________________________________________
> >> Sent through the Full Disclosure mailing list
> >> http://nmap.org/mailman/listinfo/fulldisclosure
> >> Web Archives & RSS: http://seclists.org/fulldisclosure/
> >>
> >
> >
> > _______________________________________________
> > Sent through the Full Disclosure mailing list
> > http://nmap.org/mailman/listinfo/fulldisclosure
> > Web Archives & RSS: http://seclists.org/fulldisclosure/
> 
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Iron Mountain doesn't take physical security seriously
  - From: freddielarge
- Re: [FD] Iron Mountain doesn't take physical security seriously
  - From: Hinky Dink
- Re: [FD] Iron Mountain doesn't take physical security seriously
  - From: Sanguinarious

Prev by Date: [FD] Resubmission of exploits
Next by Date: Re: [FD] new pen-test tool!
Previous by thread: Re: [FD] Iron Mountain doesn't take physical security seriously
Next by thread: [FD] IDGuard v0.60
Index(es):
- Date
- Thread