Everest ransomware group claims McDonald’s India data breach

The Everest ransomware group is claiming to have breached McDonald's India, the Indian subsidiary of the American fast-food giant. The claim was published on the group’s official dark web leak site on January 20, 2026, stating that they exfiltrated 861 GB of customer data and internal company documents, with further coverage provided by HackRead.

The group provided screenshots as evidence, including financial reports, audit trails, pricing data, and sensitive internal communications. Directories labeled with month-by-month breakdowns suggest access to accounting or enterprise resource planning systems. A "Contact Database" spreadsheet reportedly contains personal and business information of investors and partners from the US, UK, Singapore, and India. Internal store-level data, including manager names and contact numbers for dozens of outlets, was also allegedly compromised. Everest has issued a two-day deadline for McDonald's India to respond, though the company has not yet made a statement. 

This alleged incident highlights the persistent threat posed by ransomware groups like Everest, which was highly active in 2025 and continues its campaign into 2026.

Source: HackRead