Everest ransomware claims major data theft from McDonald's India division
News22 Jan 2026
The Everest ransomware gang claimed Tuesday that it breached the systems of global fast food giant McDonald’s Indian division and exfiltrated over 860 GB of data, including customers’ personal information.
The ransomware group, believed to be based in Russia, made the announcement on its dark web page on January 20th, stating that it now holds 861 gigabytes of data taken from McDonald’s systems, including internal company documents, financial data and the personal data of its customers.
The ransomware group, believed to be based in Russia, made the announcement on its dark web page on January 20th, stating that it now holds 861 gigabytes of data taken from McDonald’s systems, including internal company documents, financial data and the personal data of its customers.
The Everest Ransomware Group group claims to have breached McDonald's India 🇮🇳, ASRock Rack 🇹🇼, GIBSIN Engineers 🇹🇼, WANCHI STEEL INDUSTRIAL 🇹🇼, Reeves Information Technology 🇺🇸, and GC Accounting 🇬🇧. https://t.co/bgsAbikocw pic.twitter.com/sYu7rHBXpK
— Dark Web Intelligence (@DailyDarkWeb) January 20, 2026
“Personal data of your customers and internal documents were leaked into our storage," the group wrote. The leak of your internal company documents contains a huge variety of personal documents and information of clients.”
Given the way it operates, the ransomware gang published a sample of the stolen data to legitimise its claim and to blackmail McDonald’s into paying a ransom to prevent the rest of the stolen data from going public.
The Everest group did not state the quantum of ransom it has demanded from the fast food giant, not did it state how long the company has to meet the ransom demand, though it did put a timer in its post.
According to Cybernews, the data samples shared by the operators of Everest appear to be dated between 2017 and 2019, indicating that the stolen information was obtained from an older database.
McDonald’s India is yet to issue a statement to confirm or deny the ransomware attack. The company operates in India through two franchise partnerships with Connaught Plaza Restaurants Private Limited and Hardcastle Restaurants Private Limited which cover separate regions and zones. Hardcastle Restaurants alone caters to more than 200 million customers annually.
The Everest group’s claims of breaching the fast food giant came not long after it also claimed to have stolen about 900 GB of data from the systems of Nissan Motor Corporation. Samples of the stolen data published by the hacker group included internal documentation, marketing, sales and order information.
Related Articles
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543