McDonald’s business in India has become the latest target of a cyber incident, after the Everest ransomware group alleged it exfiltrated 861GB of sensitive data.
The group disclosed details of the alleged breach on its dark web leak site on 20 January 2026.
Go deeper with GlobalData
Discover B2B Marketing That Performs
Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.
It also issued a ransom demand, warning that the data would be released publicly if payment was not made within a set deadline, according to a Cyber Press report.
In its post, Everest said the attack exposed both customer information and internal company files.
The threat actors stated that “personal data of your customers and internal documents were leaked into our storage,” calling the stolen material a “huge variety of personal documents and information of clients”.
Security experts have indicated that the type of data described makes the incident particularly serious.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataThe information is reported to include internal records that could be misused for identity-related fraud and targeted phishing against customers and employees in India and nearby regions.
Breaches of this kind often involve names, contact details, transaction data and confidential business documentation.
As of 21 January 2026, McDonald’s India had not publicly confirmed or commented on the claims made by Everest.
Everest is regarded as a Russian-speaking cybercriminal group that emerged in December 2020. It began with a focus on data theft and later introduced full ransomware encryption by early 2021, using dual AES/DES encryption for files.
Recent cases linked to Everest include incidents involving ASUS and Nissan Motor Corporation, where attackers allegedly stole 900GB of data in January 2026.
The group has also been tied to an attack on Dublin Airport, which reported the compromise of 1.5 million passenger records in October 2025.
