What Happened
In early 2026, the Everest ransomware group claimed responsibility for a data breach targeting legacy Polycom systems (polycom.com), now part of HP Inc.’s Poly subsidiary following its 2022 acquisition, alleging the theft of approximately 90GB of internal data including engineering files, source code, software logs, technical documentation, and screenshots of conferencing platforms like RMX and RealPresence, with file dates from 2017-2019 suggesting pre-acquisition origins and no evidence of customer personal data exposure. The group posted proof-of-access screenshots on its dark web leak site, including chip photos and code listings, and threatened publication after a 9-day countdown if demands were unmet, though claims remain unverified by independent sources. HP acknowledged the allegations, launched an investigation, and stated no evidence of compromise to current production systems or customer data was found as of February 2026, with no public confirmation of the breach occurring. No specific record count was reported, and the incident appears limited to outdated environments rather than active HP Poly operations.
