The Everest ransomware group claimed responsibility for breaching Mailchimp, a popular marketing platform. The group stole a 767 MB database containing 943,536 lines of data, including internal company documents and personal information of clients. The leaked dataset includes structured business information such as domain names, company emails, phone numbers, city and country details, GDPR region labels, social media links, and information about hosting providers. Many entries also list the technology stacks used by the companies.
Source: https://hackread.com/everest-ransomware-claims-mailchimp-small-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/intuitmailchimp
"id": "int529080125",
"linkid": "intuitmailchimp",
"type": "Ransomware",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Marketing Platform',
'name': 'Mailchimp',
'type': 'Company'}],
'attack_vector': 'Ransomware',
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['spreadsheet-style rows'],
'number_of_records_exposed': 943536,
'sensitivity_of_data': 'Medium',
'type_of_data_compromised': ['domain names',
'company emails',
'phone numbers',
'city and country details',
'GDPR region labels',
'social media links',
'information about hosting '
'providers',
'technology stacks']},
'description': 'The Everest ransomware group claimed responsibility for '
'breaching Mailchimp, stealing a 767 MB database containing '
'internal company documents and personal information of '
'clients.',
'impact': {'data_compromised': ['internal company documents',
'personal documents and information of '
'clients']},
'motivation': 'Double Extortion (Encryption and Data Theft)',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Everest'},
'references': [{'source': 'Hackread.com'}],
'threat_actor': 'Everest Ransomware Group',
'title': 'Mailchimp Data Breach by Everest Ransomware Group',
'type': 'Data Breach'}