Everest Ransomware Claims Breach of McDonald’s India

The Everest ransomware group has claimed responsibility for a cyberattack targeting McDonald’s India, asserting the exfiltration of 861 GB of sensitive data.

The threat actors posted details of the breach on their dark web leak site on January 20, 2026, threatening to publicly release the stolen information if the company fails to respond within a specified deadline.

According to the ransomware group’s claims, the breach compromised a massive volume of internal company documents and customer personal data.

The attackers stated that “personal data of your customers and internal documents were leaked into our storage,” including a “huge variety of personal documents and information of clients”.

The stolen data reportedly contains internal records that could pose significant risks for identity theft and targeted phishing campaigns across the region.

Everest is a Russian-speaking ransomware operation that emerged in December 2020, initially focusing on data exfiltration before evolving to full ransomware capabilities with dual AES/DES encryption by early 2021.

The group is well-known for “pure extortion” tactics, specializing in stealing and selling sensitive corporate data rather than just encrypting files. Recent high-profile victims include ASUS, Nissan Motor Corporation (900 GB stolen in January 2026), and Dublin Airport (1.5 million passenger records compromised in October 2025).

McDonald’s India has not yet confirmed the breach. The company operates in India through two business entities: Connaught Plaza Restaurants for North and East India, and Hardcastle Restaurants for West and South India, serving millions of customers since 1996.

This incident marks another cybersecurity challenge for the fast-food giant’s Indian operations, which previously experienced data security issues in 2017 and 2024.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.