The Everest ransomware group has claimed accountability for a significant cyberattack focusing on McDonald’s India, allegedly exfiltrating 861 GB of delicate information.
The risk actors posted particulars of the breach on their darkish internet leak web site on January 20, 2026, threatening to publicly launch the stolen data if the corporate fails to reply inside a specified deadline.
In response to the ransomware group’s claims, the breach compromised a large quantity of inner firm paperwork and buyer private information.
The attackers said that “private information of your clients and inner paperwork had been leaked into our storage,” together with a “big number of private paperwork and knowledge of shoppers”.
The stolen information reportedly incorporates inner information that would pose important dangers for id theft and focused phishing campaigns throughout the area.
Everest is a Russian-speaking ransomware operation that emerged in December 2020, initially specializing in information exfiltration earlier than evolving to full ransomware capabilities with twin AES/DES encryption by early 2021.
The group is well-known for “pure extortion” techniques, specializing in stealing and promoting delicate company information slightly than simply encrypting recordsdata. Current high-profile victims embody ASUS, Nissan Motor Company (900 GB stolen in January 2026), and Dublin Airport (1.5 million passenger information compromised in October 2025).
McDonald’s India has not but confirmed the breach. The corporate operates in India by way of two enterprise entities: Connaught Plaza Eating places for North and East India, and Hardcastle Eating places for West and South India, serving hundreds of thousands of shoppers since 1996.
This incident marks one other cybersecurity problem for the fast-food big’s Indian operations, which beforehand skilled information safety points in 2017 and 2024.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
