The Everest ransomware group has claimed responsibility for a data breach involving systems linked to Polycom, a legacy enterprise communications brand that was acquired by HP Inc. in 2022 and rebranded as Poly (HP Poly).
The group alleges it obtained approximately 90GB of internal data. However, available evidence suggests the material may originate from legacy Polycom engineering or development environments that predate HP Inc.’s acquisition of the company.
According to statements posted on Everest’s dark web leak site, the data is described as a database and internal company documentation. The group claims the files originate from Polycom-related environments and has threatened to publish the data after a 9-day countdown if its demands are not met.
To support its claims, Everest has released a series of screenshots that it says demonstrate access to internal systems. The images appear to show internal file directories, engineering build environments, source code trees, software logs, and technical documentation linked to Polycom’s conferencing platforms, including RMX and RealPresence systems. The screenshots do not display customer personal data or sensitive user information.
It is also worth pointing out that several filenames visible in the screenshots reference dates from 2017 to 2019, including build files and debug logs, indicating the material may originate from legacy Polycom environments created before HP Inc.’s acquisition.
While several filenames reference dates from 2017 to 2019, the screenshots do not include metadata or indicators showing when the data was accessed or exfiltrated, or whether the systems were still active or connected at the time. There is currently also no indication that HP Inc.’s current production systems, HP Poly environments, or customer services were affected.
About Polycom
Polycom has undergone multiple corporate transitions in recent years. The company was acquired by Plantronics in 2018, rebranded as Poly in 2019, and later acquired by HP Inc. in 2022.
Since then, Poly’s products and services have been consolidated under the HP umbrella, with legacy Polycom and Poly domains (polycom.com) redirecting to HP-managed platforms (hp.com/us-en/poly.html).
At the time of writing, HP Inc. has not publicly commented on the ransomware group’s claims, and there has been no confirmation of a breach. As with other ransomware disclosures, the claims originate solely from the threat actor and have not been independently verified.
About Everest Ransomware
Everest ransomware was one of the most active ransomware groups in 2025, and it appears to be continuing that momentum in 2026. So far, the group has claimed attacks on major organizations, including McDonald’s India, Nissan, ASUS, Chrysler, Iberia Airlines, Under Armour, Petrobras, AT&T, Dublin Airport, and others.
Hackread contacted HP Inc. via official support channels on February 2, 2026. HP support acknowledged the inquiry and said they would check with the concerned team and get back with an update. No response had been received at the time of publication.