• Home
  • cyber
  • McDonald’s India, Iberia Airlines, Nissan and Under Armour: Everest Ransomware Claims McDonalds India Breach Involving Customer Data
cyber Ransomware

McDonald’s India, Iberia Airlines, Nissan and Under Armour: Everest Ransomware Claims McDonalds India Breach Involving Customer Data

Jun 16, 2023 2 min read
McDonald’s India, Iberia Airlines, Nissan and Under Armour: Everest Ransomware Claims McDonalds India Breach Involving Customer Data

Everest Ransomware Group Claims Breach of McDonald’s India, Allegedly Stealing 861GB of Sensitive Data

The Everest ransomware group has claimed responsibility for a breach of McDonald’s India, the fast-food giant’s Indian subsidiary, allegedly exfiltrating 861 GB of customer data and internal documents. The claim, posted on the group’s dark web leak site on January 20, 2026, includes screenshots purportedly showing financial reports (2023–2026), audit trails, ERP migration files, pricing data, and confidential internal communications.

Among the leaked materials are structured directories with month-by-month accounting records, a folder labeled "Investor Info" containing board-level documents, and a "Contact Database" with details of investors and business partners including names, addresses, phone numbers, and emails across the US, UK, Singapore, and India. Additional screenshots reveal store-level data, such as manager names, company email addresses (under mcdonaldsindia.com), and direct contact numbers for multiple outlet locations.

Everest has set a two-day deadline for McDonald’s India to respond, though the company has yet to issue an official statement. The claims remain unverified pending confirmation from McDonald’s or further evidence.

The group, one of the most active ransomware operators in 2025, has maintained its aggressive campaign into 2026, targeting high-profile organizations including Nissan, ASUS, Chrysler, Iberia Airlines, Under Armour, Petrobras, AT&T, and Dublin Airport. Investigations into the alleged McDonald’s India breach are ongoing.

Source: https://hackread.com/everest-ransomware-mcdonalds-india-breach-customer-data/

McDonald's Global Office in India cybersecurity rating report: https://www.rankiteo.com/company/mcdonald-s-global-office-in-india

Iberia cybersecurity rating report: https://www.rankiteo.com/company/iberia

Nissan Motor India Private Limited cybersecurity rating report: https://www.rankiteo.com/company/nissan-motor-india-private-limited

Deccan Founders cybersecurity rating report: https://www.rankiteo.com/company/deccan-founders

"id": "MCDIBENISDEC1768955534",
"linkid": "mcdonald-s-global-office-in-india, iberia, nissan-motor-india-private-limited, deccan-founders",
"type": "Ransomware",
"date": "6/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Fast Food/Restaurant',
                        'location': 'India',
                        'name': 'McDonald’s India',
                        'type': 'Subsidiary'}],
 'data_breach': {'data_exfiltration': 'Yes (861 GB allegedly stolen)',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Phone numbers',
                                                         'Email addresses',
                                                         'Manager details'],
                 'sensitivity_of_data': 'High (confidential business and '
                                        'personal data)',
                 'type_of_data_compromised': ['Financial reports',
                                              'Audit trails',
                                              'ERP migration files',
                                              'Pricing data',
                                              'Internal communications',
                                              'Investor information',
                                              'Store-level data',
                                              'Contact databases']},
 'date_publicly_disclosed': '2026-01-20',
 'description': 'The Everest ransomware group has claimed responsibility for a '
                'breach of McDonald’s India, the fast-food giant’s Indian '
                'subsidiary, allegedly exfiltrating 861 GB of customer data '
                'and internal documents. The claim includes screenshots of '
                'financial reports, audit trails, ERP migration files, pricing '
                'data, and confidential internal communications. The leaked '
                'data also contains investor information, store-level details, '
                'and contact databases.',
 'impact': {'brand_reputation_impact': 'High (alleged breach of a global '
                                       'brand)',
            'data_compromised': '861 GB',
            'identity_theft_risk': 'High (PII exposed)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (ransom demand)',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Yes (two-day deadline set)',
                'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2026-01-20',
                 'source': 'Everest Ransomware Group (dark web leak site)'}],
 'threat_actor': 'Everest Ransomware Group',
 'title': 'Everest Ransomware Group Claims Breach of McDonald’s India',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.