Dear supporters,
I wanted to share a quick update.
Thank you to Resource Recycling for covering this important story. Here is a link to the article:
I also want to thank i-SIGMA, e-Stewards, and SERI for launching investigations into this troubling incident.
A certified vendor stole and sold thousands of computers containing sensitive data for over a year. Certified vendors must notify clients when equipment—and the data on it—is stolen. Business Associates are required to report breaches to Covered Entities. Acquisitions do not absolve anyone of this duty.
To date, no public disclosure was made, leaving organizations unaware of their exposure and unable to fulfill regulatory obligations. This case has been prosecuted, and court documents containing evidence are publicly available.
Key questions remain:
🔍 Did Iron Mountain know about the Wisetek driver theft before the acquisition?
🔍 Were all affected clients properly notified?
🔍 What oversight mechanisms need strengthening to prevent this from happening again?
We appreciate the commitment to upholding the standards we all depend on and look forward to the findings of your impartial reviews.
More to come as we continue pushing for clarity and action.
Thank you again for your support,
Kyle Marks
Don't Risk It. Retire-IT!
(614) 313-9296 Mobile
kmarks@retire-it.com
Please email support@retire-it.com if you have any urgent requests.