The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive data.
The threat actors posted details of the breach on their dark web leak site on January 20, 2026, threatening to publicly release the stolen information if the company fails to respond within a specified deadline.
According to the ransomware group’s claims, the breach compromised a massive volume of internal company documents and customer personal data.
The attackers stated that “personal data of your customers and internal documents were leaked into our storage,” including a “huge variety of personal documents and information of clients”.
The stolen data reportedly contains internal records that could pose significant risks for identity theft and targeted phishing campaigns across the region.
Everest is a Russian-speaking ransomware operation that emerged in December 2020, initially focusing on data exfiltration before evolving to full ransomware capabilities with dual AES/DES encryption by early 2021.
The group is well-known for “pure extortion” tactics, specializing in stealing and selling sensitive corporate data rather than just encrypting files. Recent high-profile victims include ASUS, Nissan Motor Corporation (900 GB stolen in January 2026), and Dublin Airport (1.5 million passenger records compromised in October 2025).
McDonald’s India has not yet confirmed the breach. The company operates in India through two business entities: Connaught Plaza Restaurants for North and East India, and Hardcastle Restaurants for West and South India, serving millions of customers since 1996.
This incident marks another cybersecurity challenge for the fast-food giant’s Indian operations, which previously experienced data security issues in 2017 and 2024.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
