Mailchimp Hit by Everest Ransomware Group in Data Theft Attack
The Everest ransomware group has claimed responsibility for a cyberattack on Mailchimp, the direct marketing platform with over 14 million users, including major brands like The North Face, Vimeo, and New Belgium Brewing. On July 31, the group posted details of the breach on its darknet leak site, alleging the theft of 767 MB of data, approximately 943,536 lines of information.
The stolen data includes internal company documents, client personal information, and corporate details, such as:
- Company domain names and emails
- Location data and phone numbers
- Social media links
- GDPR-related labels
- Tech stack details of companies like Amazon, PayPal, and Shopify
Everest provided two screenshots of the data, which appear to have been exported from a customer relationship management (CRM) platform. Notably, the group has not issued a ransom demand or deadline, and Mailchimp is one of four victims listed on the same day.
Everest, a Russian-linked ransomware group active since 2020, initially operated as a data-theft extortion operation before expanding into ransomware and encryption. The group has claimed 238 victims to date, with recent attacks including:
- Coca-Cola’s Middle Eastern bottling partner (May 2024)
- South African healthcare giant Mediclinic
- Australian behavioral science firm Evidn (earlier in 2024)
Mailchimp has not yet publicly responded to the breach. The incident highlights the ongoing threat posed by ransomware groups targeting high-profile marketing and customer data platforms.
Source: https://www.cyberdaily.au/security/12453-mailchimp-hit-by-alleged-ransomware-attack
Mailchimp TPRM report: https://www.rankiteo.com/company/mailchimp
Vimeo TPRM report: https://www.rankiteo.com/company/vimeo
{
  "id": "vimmai1770775106",
  "linkid": "vimeo, mailchimp",
  "type": "Ransomware",
  "date": "8/2025",
  "severity": "100",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Major brands including The '
                                              'North Face, Vimeo, and New '
                                              'Belgium Brewing',
                        'industry': 'Marketing, Technology',
                        'name': 'Mailchimp',
                        'size': '14 million users',
                        'type': 'Direct Marketing Platform'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '943,536 lines of information',
                 'personally_identifiable_information': ['Company domain names '
                                                         'and emails',
                                                         'Location data',
                                                         'Phone numbers',
                                                         'Social media links',
                                                         'GDPR-related labels'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Internal company documents',
                                              'Client personal information',
                                              'Corporate details']},
 'date_publicly_disclosed': '2024-07-31',
 'description': 'The Everest ransomware group has claimed responsibility for a '
                'cyberattack on Mailchimp, the direct marketing platform with '
                'over 14 million users, including major brands like The North '
                'Face, Vimeo, and New Belgium Brewing. The group alleges the '
                'theft of 767 MB of data, approximately 943,536 lines of '
                'information, including internal company documents, client '
                'personal information, and corporate details.',
 'impact': {'data_compromised': '767 MB (943,536 lines of information)',
            'identity_theft_risk': 'High'},
 'motivation': 'Data Theft Extortion, Financial Gain',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2024-07-31',
                 'source': 'Everest ransomware group darknet leak site'}],
 'regulatory_compliance': {'regulations_violated': ['GDPR']},
 'threat_actor': 'Everest Ransomware Group',
 'title': 'Mailchimp Hit by Everest Ransomware Group in Data Theft Attack',
 'type': 'Data Theft, Ransomware'}