The Everest ransomware group has claimed responsibility for a data breach at Mailchimp, the widely used email marketing service. On its dark web leak site, the group announced it had stolen a 767 MB database containing 943,536 lines of data, which it alleges includes internal company documents and a wide variety of client personal information. This claim adds another high-profile name to the growing list of corporate victims targeted by cybercriminals.
An initial analysis of the sample data released by Everest suggests the information is structured business data rather than sensitive internal Mailchimp files. The dataset, organized in spreadsheet-style rows, contains details such as company domain names, business emails, phone numbers, and geographic locations. It also includes information on the technology stacks used by these companies, listing platforms like Shopify, WordPress, and PayPal, which indicates the data may have originated from a CRM or marketing export instead of a direct compromise of Mailchimp’s core infrastructure.
Everest is a lesser-known ransomware strain that emerged around 2020, operating on a “double extortion” model. This tactic involves not only encrypting a victim’s files but also exfiltrating sensitive data, which is then used as leverage by threatening public release if the ransom is not paid. While not as infamous as cartels like REvil or Conti, Everest has previously made headlines, notably claiming a breach of beverage giant Coca-Cola in May 2025 and subsequently leaking employee data.
The alleged Mailchimp incident is part of a broader, alarming spike in ransomware activity this month. On July 30, the INC ransomware group claimed to have stolen a massive 1.2 terabytes of data from retailer Dollar Tree. The same day, another entity called GLOBAL GROUP targeted Miami-based media company Albavision, allegedly exfiltrating 400 GB of data. These attacks followed the Medusa ransomware group’s recent breach of NASCAR, for which they demanded a $4 million ransom.
This recent wave of attacks underscores the persistent and escalating threat that ransomware poses to organizations worldwide. Whether carried out by notorious syndicates or more obscure groups like Everest, these incidents demonstrate that businesses of all sizes remain vulnerable. The consistent success of double extortion tactics highlights the critical need for robust cybersecurity measures, vigilant monitoring, and comprehensive incident response plans to protect both corporate and customer data from exposure.
Reference:
