On 20 January 2026, the Everest ransomware group publicly claimed that it had breached the internal systems of McDonald’s India and exfiltrated approximately 861 GB of data.
The claim was posted on the group’s dark-web leak site, where Everest listed McDonald’s India as a victim and threatened to release the stolen data if ransom demands are not met. Along with the claim, the attackers shared sample screenshots of files that they say were taken from the company’s network. These samples reportedly include internal corporate documents, operational records, and files that may contain employee and customer-related information.
At the time of reporting, McDonald’s India has not issued an official public statement confirming or denying the breach. There is also no confirmation yet from law-enforcement agencies or independent cybersecurity investigators regarding the authenticity or full scope of the alleged data theft.
Security researchers note that Everest is a known ransomware and extortion group that uses a double-extortion strategy. In this method, attackers first steal data from a victim’s network and then threaten public disclosure of that data in addition to demanding ransom payments. Everest has previously claimed responsibility for multiple attacks on large organizations across different sectors.
If the claim is verified, potential risks could include:
- Exposure of internal business and financial documents
- Compromise of employee personal data
- Possible misuse of customer information for phishing, fraud, or identity theft
- Reputational and regulatory consequences for the affected company
Cybersecurity experts are advising customers and users of McDonald’s digital services in India to take basic precautionary steps, including:
- Changing passwords linked to McDonald’s apps or loyalty accounts
- Enabling two-factor authentication where available
- Being cautious of emails, SMS messages, or calls claiming to be from McDonald’s, as attackers often use leaked data to launch targeted scams
The situation remains under investigation, and further updates are expected once McDonald’s India or relevant authorities release an official response.