The notorious Everest ransomware group is claiming to have breached McDonald’s India, the Indian subsidiary of the American fast-food giant. The claim was published on the group’s official dark web leak site earlier today, January 20, 2026, stating that they exfiltrated a massive 861 GB of customer data and internal company documents.
As reviewed by Hackread.com, the group also published internal screenshots to support the authenticity of its claims. A closer look at these screenshots reveals financial reports from 2023 to 2026, audit trails, cost tracking sheets, ERP migration files, pricing data, and other sensitive internal communications.
Several directories are labeled with month-by-month breakdowns, indicating what appears to be structured access to accounting or enterprise resource planning systems. One directory titled “Investor Info” suggests that the breach may also include confidential board-level material.
More notably, one spreadsheet labeled “Contact Database” contains detailed information on investors and business partners, including names, mailing addresses, phone numbers, and email addresses across the US, UK, Singapore, and India.
Another screenshot lists internal store-level data, including manager names, company-issued email addresses under mcdonaldsindia.com, and direct contact numbers for dozens of outlet locations.
Everest further claims that customer data is part of the breach and has issued a two-day deadline for the company to respond. As of now, McDonald’s India has not issued any official statement. Until verified by the company or confirmed through further evidence, these claims should be treated as unverified.
Nonstop Breaches by Everest
Everest ransomware was one of the most active ransomware groups in 2025, and it appears to be continuing that momentum in 2026. So far, the group has claimed attacks on major organizations, including Nissan, ASUS, Chrysler, Iberia Airlines, Under Armour, Petrobras, AT&T, Dublin Airport, and others.
Nevertheless, Hackread.com is actively monitoring the situation for further developments. McDonald’s India has been contacted for comment regarding the alleged breach, but no official response has been received at the time of writing.