diff --git a/services/backup/src/database/backup_item.rs b/services/backup/src/database/backup_item.rs
--- a/services/backup/src/database/backup_item.rs
+++ b/services/backup/src/database/backup_item.rs
@@ -1,3 +1,4 @@
+use crate::constants::backup_table;
 use aws_sdk_dynamodb::types::AttributeValue;
 use chrono::{DateTime, Utc};
 use comm_lib::{
@@ -6,8 +7,6 @@
 };
 use std::collections::HashMap;
 
-use crate::constants::backup_table;
-
 #[derive(Clone, Debug)]
 pub struct BackupItem {
   pub user_id: String,
@@ -36,17 +35,21 @@
     }
   }
 
-  pub async fn revoke_holders(self, blob_client: &BlobServiceClient) {
-    blob_client
-      .schedule_revoke_holder(self.user_keys.blob_hash, self.user_keys.holder);
+  pub fn revoke_holders(&self, blob_client: &BlobServiceClient) {
+    blob_client.schedule_revoke_holder(
+      &self.user_keys.blob_hash,
+      &self.user_keys.holder,
+    );
 
-    blob_client
-      .schedule_revoke_holder(self.user_data.blob_hash, self.user_data.holder);
+    blob_client.schedule_revoke_holder(
+      &self.user_data.blob_hash,
+      &self.user_data.holder,
+    );
 
-    for attachment_info in self.attachments {
+    for attachment_info in &self.attachments {
       blob_client.schedule_revoke_holder(
-        attachment_info.blob_hash,
-        attachment_info.holder,
+        &attachment_info.blob_hash,
+        &attachment_info.holder,
       );
     }
   }
diff --git a/services/backup/src/database/log_item.rs b/services/backup/src/database/log_item.rs
--- a/services/backup/src/database/log_item.rs
+++ b/services/backup/src/database/log_item.rs
@@ -54,6 +54,20 @@
     )
   }
 
+  pub fn revoke_holders(&self, blob_client: &BlobServiceClient) {
+    if let BlobOrDBContent::Blob(content_info) = &self.content {
+      blob_client
+        .schedule_revoke_holder(&content_info.blob_hash, &content_info.holder);
+    }
+
+    for attachment_info in &self.attachments {
+      blob_client.schedule_revoke_holder(
+        &attachment_info.blob_hash,
+        &attachment_info.holder,
+      );
+    }
+  }
+
   pub fn item_key(
     user_id: impl Into<String>,
     backup_id: impl Into<String>,
diff --git a/services/backup/src/database/mod.rs b/services/backup/src/database/mod.rs
--- a/services/backup/src/database/mod.rs
+++ b/services/backup/src/database/mod.rs
@@ -10,8 +10,12 @@
   operation::get_item::GetItemOutput,
   types::{AttributeValue, DeleteRequest, ReturnValue, WriteRequest},
 };
-use comm_lib::database::{
-  self, batch_operations::ExponentialBackoffConfig, parse_int_attribute, Error,
+use comm_lib::{
+  blob::client::BlobServiceClient,
+  database::{
+    self, batch_operations::ExponentialBackoffConfig, parse_int_attribute,
+    Error,
+  },
 };
 use tracing::{error, trace, warn};
 
@@ -118,6 +122,7 @@
     &self,
     user_id: &str,
     backup_id: &str,
+    blob_client: &BlobServiceClient,
   ) -> Result<Option<BackupItem>, Error> {
     let item_key = BackupItem::item_key(user_id, backup_id);
 
@@ -140,7 +145,13 @@
       .transpose()
       .map_err(Error::from)?;
 
-    self.remove_log_items_for_backup(user_id, backup_id).await?;
+    if let Some(backup_item) = &result {
+      backup_item.revoke_holders(blob_client);
+    }
+
+    self
+      .remove_log_items_for_backup(user_id, backup_id, blob_client)
+      .await?;
 
     Ok(result)
   }
@@ -150,6 +161,7 @@
   pub async fn remove_old_backups(
     &self,
     user_id: &str,
+    blob_client: &BlobServiceClient,
   ) -> Result<Vec<BackupItem>, Error> {
     let response = self
       .client
@@ -201,8 +213,9 @@
 
       trace!("Removing backup item: {item:?}");
 
-      if let Some(backup) =
-        self.remove_backup_item(user_id, &item.backup_id).await?
+      if let Some(backup) = self
+        .remove_backup_item(user_id, &item.backup_id, blob_client)
+        .await?
       {
         removed_backups.push(backup);
       } else {
@@ -291,6 +304,7 @@
     &self,
     user_id: &str,
     backup_id: &str,
+    blob_client: &BlobServiceClient,
   ) -> Result<(), Error> {
     let (mut items, mut last_id) =
       self.fetch_log_items(user_id, backup_id, None).await?;
@@ -302,6 +316,10 @@
       last_id = new_last_id;
     }
 
+    for log_item in &items {
+      log_item.revoke_holders(blob_client);
+    }
+
     let write_requests = items
       .into_iter()
       .map(|key| {
diff --git a/services/backup/src/http/handlers/backup.rs b/services/backup/src/http/handlers/backup.rs
--- a/services/backup/src/http/handlers/backup.rs
+++ b/services/backup/src/http/handlers/backup.rs
@@ -95,13 +95,10 @@
     attachment_revoke.cancel();
   }
 
-  for backup in db_client
-    .remove_old_backups(&user.user_id)
+  db_client
+    .remove_old_backups(&user.user_id, &blob_client)
     .await
-    .map_err(BackupError::from)?
-  {
-    backup.revoke_holders(&blob_client).await;
-  }
+    .map_err(BackupError::from)?;
 
   Ok(HttpResponse::Ok().finish())
 }