The Everest ransomware group has announced a significant breach of McDonald's India, claiming to have stolen 861 GB of data including customer records and internal financial documents. The group posted evidence of the intrusion on their leak site on January 20, 2026, and has given the company a two-day deadline to respond before the information is released.
The Everest ransomware group has recently targeted McDonald's India, claiming to have exfiltrated a massive 861 GB of data from the fast-food giant's Indian subsidiary. This claim appeared on the group's dark web leak site and includes a variety of sensitive materials ranging from customer information to highly confidential internal company documents. While the company has yet to confirm the incident, the group has provided visual evidence to back their assertions.
Among the evidence provided are screenshots of internal directories that appear to hold financial reports spanning from 2023 to 2026. These files include detailed audit trails, cost tracking sheets, and data related to enterprise resource planning migrations. The structured nature of the files suggests that the attackers gained deep access to the company's accounting systems and internal pricing structures.
The leak also appears to compromise high-level corporate intelligence, as evidenced by folders labeled for investor information. One spreadsheet, titled as a contact database, reportedly contains the personal details of business partners and investors across multiple countries, including the United States, the United Kingdom, Singapore, and India. This database allegedly includes full names, mailing addresses, and direct contact information.
Furthermore, the breach extends to the operational level of the franchise, with screenshots showing store-level data. These documents list names of managers, company-issued email addresses, and direct phone numbers for numerous outlet locations throughout India. This specific information poses a direct risk to the privacy and security of individual employees and local branch management.
Everest has stated that customer data is included in the stolen cache and has issued a two-day ultimatum for McDonald's India to engage in negotiations. At this time, the fast-food provider has not released an official statement regarding the validity of the threat or the extent of the potential data exposure. Until an official investigation is completed, the full scope of the breach remains unverified by the corporation.
Source: Everest Ransomware Behind Mcdonalds India Customer Data Breach


