Everest ransomware targets McDonald’s India with 861GB data heist

INDIA – McDonald’s India operations have become the latest victim of a cyberattack, as the Everest ransomware group claims it exfiltrated 861GB of sensitive data.

Breach Disclosure Details

The Russian-speaking Everest group posted breach specifics on its dark web leak site on January 20, 2026, issuing a ransom demand with a strict deadline for payment.

Attackers warned that failure to comply would trigger full public release of the compromised materials.

They described the haul as encompassing customers' personal details alongside a broad array of internal corporate files stored in the company's systems.

Data Sensitivity and Risks

Cybersecurity analysts highlight the grave implications of this incident, given the reported inclusion of names, contact information, transaction histories, and proprietary business records.

Such datasets enable identity fraud, spear-phishing campaigns targeting Indian customers and staff, and potential extortion schemes extending to regional partners.

Experts note breaches like this amplify vulnerabilities in quick-service restaurant chains handling high-volume consumer interactions daily.

McDonald’s India, which has operated since 1996 through Connaught Plaza Restaurants in the North and East and Hardcastle Restaurants in the West and South, manages vast localized data flows, from burgers to menu adaptations.

Company Response Stance

As of January 23, 2026, McDonald’s India has offered no public confirmation or rebuttal to Everest’s allegations, leaving uncertainty around verification and mitigation steps.

This silence mirrors initial phases of many ransomware claims, where firms assess forensic impacts privately before disclosure. The absence of immediate acknowledgment heightens concerns for affected stakeholders awaiting clarity on exposure scope.

Everest Group Profile

Emerging in December 2020, Everest initially specialized in data exfiltration before evolving to ransomware encryption using AES/DES methods by early 2021.

The group has claimed 337 victims since 2023 per tracking tools, striking high-profile entities across sectors.

Recent operations include a January 2026 theft of 900GB from ASUS and Nissan Motor Corporation, plus an October 2025 Dublin Airport compromise of 1.5 million passenger records.

Other notable hits involve Collins Aerospace, disrupting European airport check-ins via its MUSE software, and Air Miles España with 131GB of loyalty program data. Everest’s tactics often feature sample proofs—like customer contacts and financial screenshots—to pressure negotiations.
