Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach
Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
The Everest ransomware group is claiming responsibility for breaching Mailchimp, the popular marketing platform used to create, send and manage email campaigns and newsletters.
The group made the announcement earlier today on its dark web leak site, claiming to have stolen a 767 MB database containing 943,536 lines of data. According to Everest, the leak includes “internal company documents” and “a huge variety of personal documents and information of clients.”
A look at the sample data published by Everest shows that the leaked dataset includes structured business information rather than sensitive internal Mailchimp data. The records appear to contain domain names, company emails, phone numbers, city and country details, GDPR region labels, social media links, and information about hosting providers.
Many entries also list the technology stacks used by the companies, such as Shopify, WordPress, Amazon, Google Cloud, and PayPal. The data is organised in spreadsheet-style rows, suggesting it may have come from a marketing or CRM export rather than from Mailchimp’s internal systems.
Screenshot from the dark web leak site of the Everest ransomware group (Image credit: Hackread.com)
Everest ransomware is a relatively obscure strain that emerged around 2020. It follows the double extortion model, in which attackers encrypt a victim’s files and also steal data, then pressure the victim by threatening public exposure.
While Everest never reached the notoriety of groups like REvil or Conti, it did claim responsibility for a breach of Coca-Cola in May 2025 and later leaked employee data online.
Nevertheless, whether small or large, ransomware attacks are peaking. On July 30, 2025, the INC ransomware claimed to have stolen 1.2 terabytes of data from Dollar Tree. On the same day, another group called GLOBAL GROUP announced a breach of the Miami-based media company Albavision, claiming to have taken 400 GB of data. These claims came just days after NASCAR acknowledged a data breach following Medusa ransomware’s demand for a $4 million ransom.
Hackread.com has reached out to Mailchimp. This article will be updated accordingly.