Everest Ransomware Group Claims Massive Data Breach of McDonald’s India Operations
The Everest ransomware group has taken responsibility for a major cyberattack on McDonald’s India, alleging the exfiltration of 861 gigabytes of sensitive corporate and customer data. The threat actors disclosed the breach on their dark web leak site on January 20, 2026, issuing a ransom demand with threats to publicly release the stolen data if payment is not made.
According to Everest’s claims, the compromised dataset includes customer personal information and internal company documents, which security analysts warn could enable identity theft and targeted phishing campaigns across the Indian subcontinent. The stolen data reportedly contains names, contact details, transaction histories, and internal business records, marking one of the largest disclosed breaches targeting McDonald’s franchise operations globally.
Everest, a Russian-speaking cybercriminal group active since December 2020, specializes in "pure extortion" tactics, prioritizing data theft and ransom demands over traditional ransomware encryption. The group employs dual AES/DES encryption and has a history of targeting high-profile organizations, including ASUS, Nissan Motor Corporation (900 GB stolen in January 2026), and Dublin Airport (1.5 million passenger records compromised in October 2025).
McDonald’s operates in India through two entities: Connaught Plaza Restaurants Private Limited (North and East India) and Hardcastle Restaurants Private Limited (West and South India). The company, which entered the Indian market in 1996, has not publicly confirmed the breach as of January 21, 2026. This incident follows previous security incidents in 2017 and 2024, highlighting recurring vulnerabilities in its infrastructure.
Source: https://cyberpress.org/everest-ransomware-mcdonalds-india-systems/
Hardcastle Restaurants Pvt. Ltd. cybersecurity rating report: https://www.rankiteo.com/company/hardcastle-restaurants-pvt-ltd
McDonald's India – North and East cybersecurity rating report: https://www.rankiteo.com/company/mcdonalds-india-north-and-east
"id": "HARMCDHAR1768994739",
"linkid": "hardcastle-restaurants-pvt-ltd, mcdonalds-india-north-and-east, hardcastle-restaurants-pvt-ltd",
"type": "Ransomware",
"date": "6/1996",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Fast Food, Hospitality',
'location': 'North and East India',
'name': 'McDonald’s India (Connaught Plaza Restaurants '
'Private Limited)',
'type': 'Franchise Operator'},
{'industry': 'Fast Food, Hospitality',
'location': 'West and South India',
'name': 'McDonald’s India (Hardcastle Restaurants '
'Private Limited)',
'type': 'Franchise Operator'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Contact details',
'Transaction '
'histories'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer personal information',
'Internal company documents']},
'date_publicly_disclosed': '2026-01-20',
'description': 'The Everest ransomware group has taken responsibility for a '
'major cyberattack on McDonald’s India, alleging the '
'exfiltration of 861 gigabytes of sensitive corporate and '
'customer data. The threat actors disclosed the breach on '
'their dark web leak site on January 20, 2026, issuing a '
'ransom demand with threats to publicly release the stolen '
'data if payment is not made. The compromised dataset includes '
'customer personal information and internal company documents, '
'which could enable identity theft and targeted phishing '
'campaigns.',
'impact': {'brand_reputation_impact': 'Potential damage due to data exposure',
'data_compromised': '861 GB',
'identity_theft_risk': 'High'},
'motivation': 'Financial gain (extortion)',
'ransomware': {'data_encryption': 'Dual AES/DES encryption',
'data_exfiltration': 'Yes',
'ransom_demanded': 'Yes',
'ransomware_strain': 'Everest'},
'references': [{'date_accessed': '2026-01-20',
'source': 'Everest ransomware group dark web leak site'}],
'threat_actor': 'Everest Ransomware Group',
'title': 'Everest Ransomware Group Claims Massive Data Breach of McDonald’s '
'India Operations',
'type': 'Ransomware, Data Breach'}