How to Prevent Data Center Fires: Lessons from the Biggest Incidents

Organizations are often reluctant to share details about data center fires due to NDAs and PR concerns. As such, it is often difficult enough to trace instances of data center fires at all, unless reports to local fire departments or newsrooms have been made, or customers experience significant downtime and demand explanations.

This tendency to withhold detailed reports about data center fires might help companies protect their reputations, but it can also make it harder for data center operators to recognize vulnerabilities, learn from incidents, and implement measures to ensure the safety of their workers and customers.

According to an Uptime Institute blog post on data center fire frequency – which was written after a catastrophic fire destroyed OVHcloud’s data center in France in 2021 – there had been 11 reports of data center fires since its records began in 1994 – an average of 0.5 fires a year.

More recently, the data center standards organization said it identified 14 “high-profile data center outages” caused by fire or fire suppression systems between 2020 and early 2023.

While fires account for a relatively small percentage of incidents that impact data centers, their potential ramifications should not be overlooked. In addition to the dangers they pose to employees, data center fires can result in extended downtime. This can potentially cost companies millions of dollars and lead to serious inconveniences for customers, resulting in an erosion of trust.

Related:Data Center Disaster Recovery: Essential Measures for Business Continuity

While details can be scarce, Data Center Knowledge reviewed its archives to revisit major data center fires and power outages over the past decade. We also spoke with industry experts to provide insights that data center workers can use to assess vulnerabilities and develop critical safety plans to protect against future incidents.

A Google data center in Iowa (Image: Alamy)

1. Google Data Center Fire, Iowa

Just before noon on August 8th, 2022, a fire broke out in a large Google data center in Council Bluffs, Iowa. The fire, which was first reported as an “electrical incident,” was caused by an arc flash that sparked an explosion in a substation near the main data center building.

While not technically fire, an arc flash is an electrical explosion that generates heat upwards of 30,000 degrees Fahrenheit, potentially igniting materials and causing fires. The explosion occurred while three workers were accessing an electrical cabinet in the data center’s main room.

The fire injured three workers, who were taken to a nearby hospital for treatment. It occurred on the same day as outages of the company’s maps and search service, although Google said the two incidents were unrelated. 

Related:Incident Response: Lessons Learned from a Data Center Fire

The Council Bluffs data center is one of Google’s first facilities and one of the largest data center campuses in the world.

2. Evocative Data Center Fire, New Jersey

Firefighters responded to a fire at the Evocative data center facility in Secaucus, New Jersey, on October 12, 2023. The fire was contained to the uninterruptible power supply (UPS) area and was quickly extinguished. Regardless, it took its toll on the 105,000 sq.ft data center, which required a full power shutdown. Fortunately, no one was injured.

Evocative, formerly INAP, provides internet connectivity to many companies in the New York metro area.

A fire swept through OVHcloud’s SBG2 data center in Strasbourg, France, in 2021 (Image: Alamy)

3. OVHcloud Data Center Fire, France

A fire on March 10, 2021, destroyed one of OVHcloud’s Strasbourg data centers and part of a second one.

No OVH, firefighting, or local government services staff members were injured, the French cloud computing company said.

The fire destroyed OVH’s SBG2 data center completely and four rooms in SBG1, according to an incident report on the company’s website. UPS was down in the SBG3 facility, and the remaining SBG4 data center had “no physical impact.”

3. AT&T Data Center Fire, Texas

Related:The Biggest Threats to Data Center Uptime – and How to Overcome Them

AT&T users in the Dallas area lost internet and cable services after an “undetermined fire” broke out in an AT&T data center in Richardson, Texas center in Richardson, Texas, on October 15, 2018.

According to reports, the fire began at a power switch and caused customers up to 12 hours of downtime. The fire did not cause any injuries.

4. Fisher Plaza Data Center, Washington

Around noon on June 2, 2009, an electrical fire sparked inside Seattle’s Fisher Plaza data center, which housed the servers of popular sites like Adhost.com, Microsoft’s Bing Travel, Verizon, and payment portal Authorize.net.

All data center workers were evacuated, and no one was injured. However, the incident resulted in $6.8 billion in damages and downtime.

An investigation conducted by Power Science Engineering, a Washington-based engineering company, found that the fire was likely caused by inadequate insulation in an electrical duct connecting the building to the city power grid.

This wasn’t the first time Fisher Plaza had experienced power outages and electrical fires. Just a year earlier, a fire broke out in a garage-level electrical room, resulting in the real estate company Redfin going offline for five hours.

5. SK Inc. C&C Fire, South Korea

On October 15, 2021, a fire at the SK C&C data center in Pangyo, South Korea, affected two major tech companies, Kakao Corporation and Naver Corporation.

While Naver quickly restored its servers, Kakao faced prolonged outages, disrupting its messaging platforms, payment apps, and rideshare services for hours.

Despite having a disaster recovery protocol, Kakao's plan didn’t account for the power outage during the fire, delaying its recovery efforts. In response, Kakao established a ‘recurrence prevention committee’ to prevent similar incidents in the future.

A CO2 fire extinguishing system for a data center (Image: Alamy)

Building Resilience: Preventing Data Center Fires

The above examples are reminders that data center fires can break out unexpectedly and have a variety of causes, including arc flashes, faulty infrastructure, hardware failures, and human error.

While there are also unforeseen threats like natural disasters, there are many instances in which power failures and electrical fires might have been prevented. Ensuring infrastructure safety is key to mitigating the risk of data center fires.

Unfortunately, improving the safety of critical infrastructure often comes with a large price tag. According to Chris Brown, Uptime Institute’s chief technical operator, infrastructure safety is sometimes compromised due to budget constraints.

Read more of the latest data center security and risk management news

“Limited funds available and the need to invest in critical electrical and mechanical systems have resulted in funds needing to be pulled from other areas,” Brown said. “Additionally, in some areas, repurposing existing buildings is necessary due to a lack of space and the existing building structures may not have been originally designed to the levels most would consider necessary for a data center.”

He added: “More considerations and investments are needed in the actual structure but also the compartmentalization of complementary systems to ensure that fire is not allowed to propagate and also is not allowed to shut down the entire data center.”

Fighting Fires Through Compliance and Regulation

Over recent years, there has been a stronger push to create stronger compliance and regulation standards for data center infrastructure across the US and globally.

In December 2023, Colorado passed the Federal Data Center Enhancement Act, which outlined minimum standards of infrastructure resiliency in the event of cyber and physical attacks, as well as natural disasters.

In May 2024, Maryland passed the Critical Infrastructure Streamlining Act. The UK passed a similar bill, in January 2024, which introduced new regulations around reporting data center incidents and strengthened safety and infrastructure requirements.

Regulation and safety measures to increase infrastructure resiliency are key to mitigating data center disasters, but it’s also important to remember that some incidents are unavoidable. This makes it imperative to have emergency protocols that facilitate a safe and efficient recovery.

How quickly data centers and user service can be restored often depends on the protocols and disaster recovery plans of the operator. Data center disaster recovery plans include disaster recovery teams, risk assessment, redundant infrastructure, and backup power generators, which protect data and reduce downtime.

Key elements of a data center disaster recovery plan. The information in this image is reproduced with kind permission from SANS Institute.

Staying on the Ball

Disaster recovery plans are not just documents and protocols. They also involve strong partnerships between data center operators and their customers. Krista Shepard, a spokesperson for Cologix, a data center developer, said disaster recovery plans are not ‘set-it-and-forget-it’ measures, but living documents that must be adaptable to match a constantly evolving landscape.

“The ability to swiftly restore operations in the event of a catastrophic event requires data backups in secure offsite locations,” Shepard told Data Center Knowledge. “It also requires rigorous testing, drilling, and proactive collaboration to ensure the disaster recovery plan is implemented as seamlessly as possible to spare valuable time and resources in the event of a catastrophic loss.

She added: “It’s important to periodically update and refine disaster recovery plans as your business and technology evolve, and to adapt to changing environmental and weather conditions.”