A major cyberattack has hit McDonald’s India, with the Everest ransomware group claiming responsibility for stealing a massive trove of sensitive data.
Quick Summary – TLDR:
- Everest ransomware group claims to have stolen 861 GB of data from McDonald’s India.
- Leaked data includes internal documents and personal customer information.
- No official statement from McDonald’s India yet, raising concerns over customer security.
- The attack reflects a growing trend of data-focused extortion by cybercriminal groups.
What Happened?
The Everest ransomware group has publicly claimed responsibility for a cyberattack on McDonald’s India, stating they have exfiltrated 861 gigabytes of internal and customer data. The threat was posted on their dark web leak site on January 20, 2026, accompanied by a message urging the company to contact them or risk public data release. As of now, McDonald’s India has not issued any official comment or confirmation.
Everest’s Latest Victim: McDonald’s India
The Everest group, a Russian-speaking cybercriminal operation known for data extortion tactics, has added mcdonaldsindia.com to its list of victims. Unlike typical ransomware that encrypts systems, Everest specializes in stealing data and demanding ransom in exchange for silence.
- The group claims the stolen data includes customer personal details and internal company documents.
- Everest stated, “Personal data of your customers and internal documents were leaked into our storage”.
- The breach was disclosed with the warning: “The full leak will be published soon, unless a company representative contacts us via the channels provided”.
Security experts say the 861 GB of compromised data likely includes names, contact details, internal communications, transaction logs, and more. This puts customers and employees at risk of identity theft and phishing attacks.
A Pattern of Breaches
McDonald’s India operates under two business entities: Connaught Plaza Restaurants Private Limited (North and East) and Hardcastle Restaurants Private Limited (West and South). The company entered the Indian market in 1996, but this is not its first brush with cybersecurity problems.
- Previous data incidents occurred in 2017 and 2024, suggesting ongoing vulnerabilities.
- The latest breach is one of the largest known incidents involving McDonald’s franchise operations worldwide.
Security analysts are sounding alarms about how this breach fits into a wider trend. The Everest group has also targeted ASUS, Nissan Motor Corporation (with 900 GB stolen earlier this month), and Dublin Airport (1.5 million passenger records compromised in October 2025). These high-profile attacks underscore the group’s preference for stealing and leaking data instead of encrypting systems.
Immediate Actions for Customers
With no public disclosure yet from McDonald’s India, customers and employees are urged to take precautionary steps:
- Change passwords on McDonald’s apps and linked accounts.
- Enable multi-factor authentication (MFA) where possible.
- Stay alert for suspicious emails or text messages that make use of stolen data.
- Consider using identity theft protection services.
Cybersecurity professionals also recommend that organizations monitor threat intelligence feeds, update their incident response strategies, and close any data access gaps to prevent further exposure.
SQ Magazine Takeaway
Honestly, this is scary stuff. As someone who regularly orders from McDonald’s India, hearing about an 861 GB data leak with no public response from the company is concerning. Everest is not just encrypting files, they are going straight for the jugular by leaking sensitive information. I hope McDonald’s steps up soon and communicates with customers because silence after such a big breach is just not acceptable anymore. If you’ve ever used their app or service, now is the time to check your accounts and stay alert.