McDonald’s India: Everest ransomware group claims McDonald’s India data breach

Everest Ransomware Group Claims Breach of McDonald’s India, Allegedly Stealing 861 GB of Data

On January 20, 2026, the Everest ransomware group announced on its dark web leak site that it had breached McDonald’s India, the fast-food chain’s Indian subsidiary. The attackers claim to have exfiltrated 861 GB of sensitive data, including financial reports, audit trails, pricing information, and internal communications. Screenshots shared as evidence suggest access to accounting or enterprise resource planning (ERP) systems, with directories organized by month.

Among the compromised data is a "Contact Database" spreadsheet containing personal and business details of investors and partners across the US, UK, Singapore, and India. Additionally, internal store-level records such as manager names and contact numbers for multiple outlets were allegedly exposed. Everest has set a two-day deadline for McDonald’s India to respond, though the company has not issued a public statement.

The incident underscores the ongoing threat posed by Everest, a ransomware group active since 2025, as it continues targeting high-profile organizations in 2026.

Source: https://www.scworld.com/brief/everest-ransomware-group-claims-mcdonalds-india-data-breach

Westlife Foodworld Limited cybersecurity rating report: https://www.rankiteo.com/company/westlife-foodworld-ltd

"id": "WES1769016484",
"linkid": "westlife-foodworld-ltd",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Fast-food',
                        'location': 'India',
                        'name': 'McDonald’s India',
                        'type': 'Subsidiary'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'file_types_exposed': ['Spreadsheets', 'Directories'],
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Financial reports',
                                              'Audit trails',
                                              'Pricing information',
                                              'Internal communications',
                                              'Personal and business details '
                                              'of investors and partners',
                                              'Internal store-level records']},
 'date_detected': '2026-01-20',
 'date_publicly_disclosed': '2026-01-20',
 'description': 'On January 20, 2026, the Everest ransomware group announced '
                'on its dark web leak site that it had breached McDonald’s '
                'India, the fast-food chain’s Indian subsidiary. The attackers '
                'claim to have exfiltrated 861 GB of sensitive data, including '
                'financial reports, audit trails, pricing information, and '
                'internal communications. Screenshots shared as evidence '
                'suggest access to accounting or enterprise resource planning '
                '(ERP) systems, with directories organized by month. Among the '
                "compromised data is a 'Contact Database' spreadsheet "
                'containing personal and business details of investors and '
                'partners across the US, UK, Singapore, and India. '
                'Additionally, internal store-level records such as manager '
                'names and contact numbers for multiple outlets were allegedly '
                'exposed. Everest has set a two-day deadline for McDonald’s '
                'India to respond, though the company has not issued a public '
                'statement.',
 'impact': {'brand_reputation_impact': 'Potential damage due to data exposure',
            'data_compromised': '861 GB of sensitive data',
            'identity_theft_risk': 'High',
            'systems_affected': 'Accounting/ERP systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Everest'},
 'references': [{'date_accessed': '2026-01-20',
                 'source': 'Everest ransomware group dark web leak site'}],
 'threat_actor': 'Everest ransomware group',
 'title': 'Everest Ransomware Group Claims Breach of McDonald’s India',
 'type': 'Ransomware'}