Everest Ransomware Group Claims Breach of McDonald’s India, Allegedly Stealing 861GB of Sensitive Data The Everest ransomware group has claimed responsibility for a breach of McDonald’s India, the fast-food giant’s Indian subsidiary, allegedly exfiltrating 861 GB of customer data and internal documents. The claim, posted on the group’s dark web leak site on January 20, 2026, includes screenshots purportedly showing financial reports (2023–2026), audit trails, ERP migration files, pricing data, and confidential internal communications. Among the leaked materials are structured directories with month-by-month accounting records, a folder labeled "Investor Info" containing board-level documents, and a "Contact Database" with details of investors and business partners including names, addresses, phone numbers, and emails across the US, UK, Singapore, and India. Additional screenshots reveal store-level data, such as manager names, company email addresses (under mcdonaldsindia.com), and direct contact numbers for multiple outlet locations. Everest has set a two-day deadline for McDonald’s India to respond, though the company has yet to issue an official statement. The claims remain unverified pending confirmation from McDonald’s or further evidence. The group, one of the most active ransomware operators in 2025, has maintained its aggressive campaign into 2026, targeting high-profile organizations including Nissan, ASUS, Chrysler, Iberia Airlines, Under Armour, Petrobras, AT&T, and Dublin Airport. Investigations into the alleged McDonald’s India breach are ongoing.