The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive corporate and customer data.
The threat actors posted breach details on their dark web leak site on January 20, 2026, threatening public release if McDonald’s fails to respond within their specified deadline.
Scope of Alleged Data Breach
According to the ransomware group’s claims, the breach compromised a massive volume of internal company documents and personal customer information.
The attackers stated that “personal data of your customers and internal documents were leaked into our storage,” including a “huge variety of personal documents and information of clients.”
The stolen data reportedly contains internal records that could enable identity theft and targeted phishing campaigns across India’s customer base.
Everest is a Russian-speaking ransomware operation that emerged in December 2020, initially focusing on data exfiltration before evolving to full ransomware capabilities with dual AES/DES encryption by early 2021.
The group specializes in “pure extortion” tactics, stealing and selling sensitive corporate data rather than solely encrypting files, as reported by CSN.
Recent high-profile victims include ASUS, Nissan Motor Corporation (900 GB stolen in January 2026), and Dublin Airport (1.5 million passenger records compromised in October 2025).
McDonald’s India has not yet confirmed the breach. The company operates through two business entities: Connaught Plaza Restaurants for North and East India, and Hardcastle Restaurants for West and South India, serving millions of customers since 1996.
This incident marks another cybersecurity challenge for the fast-food giant’s Indian operations, which previously experienced data security issues in 2017 and 2024.
The potential exposure of customer personal data raises significant concerns about privacy violations and compliance with India’s data protection regulations, particularly if sensitive information falls into criminal hands for exploitation.
Follow us on Google News, LinkedIn, and X to Get Instant Updates ancd Set GBH as a Preferred Source in Google.