Everest Ransomware Group Claims Massive Data Breach at McDonald’s India
The Everest ransomware group has alleged a major cyberattack on McDonald’s India, claiming to have exfiltrated 861 GB of sensitive data, including internal documents and customer personal information. The threat actors posted details of the breach on their dark web leak site on January 20, 2026, warning that the stolen data would be publicly released if McDonald’s fails to respond by a specified deadline.
According to Everest, the compromised data includes a wide range of personal and corporate records, posing risks of identity theft and targeted phishing attacks. The group, a Russian-speaking operation active since December 2020, specializes in "pure extortion" stealing and selling data rather than solely encrypting files. Known for high-profile attacks, Everest’s recent victims include ASUS, Nissan Motor Corporation (900 GB stolen in January 2026), and Dublin Airport (1.5 million passenger records breached in October 2025).
McDonald’s India, which operates through Connaught Plaza Restaurants (North/East India) and Hardcastle Restaurants (West/South India), has not yet confirmed the breach. The incident adds to the company’s history of cybersecurity challenges in the region, following previous data security issues in 2017 and 2024. The full scope and impact of the breach remain under investigation.
Source: https://cybersecuritynews.com/mcdonalds-india-everest-ransomware/
McDonald’s India TPRM report: https://www.rankiteo.com/company/mcdonald-s-global-office-in-india
ASUS TPRM report: https://www.rankiteo.com/company/asus
Connaught Plaza Restaurants TPRM report: https://www.rankiteo.com/company/mcdonalds-india-north-and-east
Hardcastle Restaurants TPRM report: https://www.rankiteo.com/company/westlife-foodworld-ltd
Nissan Motor Corporation TPRM report: https://www.rankiteo.com/company/nissan-motor-india-private-limited
"id": "mcdasumcdwesnis1768941156",
"linkid": "mcdonald-s-global-office-in-india, asus, mcdonalds-india-north-and-east, westlife-foodworld-ltd, nissan-motor-india-private-limited",
"type": "Ransomware",
"date": "6/2017",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Food & Beverage (Fast Food)',
'location': 'India',
'name': 'McDonald’s India (Connaught Plaza Restaurants '
'and Hardcastle Restaurants)',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes (861 GB exfiltrated)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personal and corporate records)',
'type_of_data_compromised': ['Internal documents',
'Customer personal information']},
'date_publicly_disclosed': '2026-01-20',
'description': 'The Everest ransomware group has alleged a major cyberattack '
'on McDonald’s India, claiming to have exfiltrated 861 GB of '
'sensitive data, including internal documents and customer '
'personal information. The threat actors posted details of the '
'breach on their dark web leak site on January 20, 2026, '
'warning that the stolen data would be publicly released if '
'McDonald’s fails to respond by a specified deadline.',
'impact': {'brand_reputation_impact': 'Potential impact due to data breach '
'and identity theft risks',
'data_compromised': '861 GB of sensitive data',
'identity_theft_risk': 'High (personal and customer information '
'compromised)'},
'investigation_status': 'Under investigation',
'motivation': 'Extortion (Pure extortion - stealing and selling data)',
'ransomware': {'data_encryption': 'No (pure extortion, no encryption '
'mentioned)',
'data_exfiltration': 'Yes',
'ransomware_strain': 'Everest'},
'references': [{'date_accessed': '2026-01-20',
'source': 'Everest Ransomware Group Dark Web Leak Site'}],
'threat_actor': 'Everest Ransomware Group',
'title': 'Everest Ransomware Group Claims Massive Data Breach at McDonald’s '
'India',
'type': 'Ransomware'}