Everest Ransomware Group Claims 861 GB Data Breach at McDonald’s India, Threatens Leak

Everest Ransomware Group Claims Massive Data Breach at McDonald’s India

In a significant cybersecurity incident, the Everest ransomware group has alleged a substantial data breach targeting McDonald’s India, claiming to have exfiltrated 861 GB of sensitive data. The group announced the breach on their dark web leak site on January 20, 2026, threatening to publicly release the stolen information if the company does not respond within a specified deadline.

According to the group’s claims, the compromised data includes a vast array of internal company documents and personal information of customers. The attackers stated that personal data of the company’s customers and internal documents were leaked into the group’s storage, encompassing a huge variety of personal documents and information of clients. This data reportedly contains internal records that could pose significant risks for identity theft and targeted phishing campaigns across the region.

Background on Everest Ransomware Group

The Everest ransomware group, which emerged in December 2020, is a Russian-speaking operation that initially focused on data exfiltration before evolving to full ransomware capabilities with dual AES/DES encryption by early 2021. The group is notorious for its pure extortion tactics, specializing in stealing and selling sensitive corporate data rather than merely encrypting files. Recent high-profile victims include ASUS, Nissan Motor Corporation (900 GB stolen in January 2026), and Dublin Airport (1.5 million passenger records compromised in October 2025).

McDonald’s India Operations

McDonald’s India operates through two business entities: Connaught Plaza Restaurants for North and East India, and Hardcastle Restaurants for West and South India. Since its establishment in 1996, the company has served millions of customers across the country. This incident marks another cybersecurity challenge for McDonald’s Indian operations, which previously experienced data security issues in 2017 and 2024.

Potential Implications

The alleged breach could have far-reaching consequences for both McDonald’s India and its customers. The exposure of personal customer data increases the risk of identity theft and targeted phishing attacks. Additionally, the release of internal company documents could harm McDonald’s competitive position and operational integrity.

Response and Recommendations

As of now, McDonald’s India has not confirmed the breach. It is crucial for the company to conduct a thorough investigation to verify the claims and assess the extent of the potential data exposure. Customers are advised to remain vigilant for any suspicious communications and to monitor their financial accounts for unusual activity.

This incident underscores the importance of robust cybersecurity measures and the need for organizations to stay ahead of evolving cyber threats.