
The Everest ransomware group has claimed responsibility for a recent data breach targeting Mailchimp, one of the world's most popular email marketing services. The stolen information reportedly includes personal information and client documents.
Despite its relatively small size compared to more extensive cyberattacks, the incident highlights the growing prevalence and sophistication of ransomware operations across high-profile platforms.
According to statements made by the ransomware group, the Mailchimp breach resulted in the theft of a 767 MB database containing 943,536 lines of data.
Additional records also referenced the technology stacks utilized by affected companies, such as Shopify, Amazon, WordPress, Google Cloud, and PayPal, according to reports.
Data samples provided by the attackers suggest the majority of the compromised entries originated from customer relationship management (CRM) or marketing exports rather than Mailchimp’s internal systems.
Data breaches originating from social engineering campaigns targeting third-party CRM services include the new Allianz Life Insurance Company incident in July and the recent lawsuit filed by Clorox, which accuses Cognizant of being the root cause of the breach at the cleaning and disinfecting products manufacturer, an attack linked to Scattered Spider.
The Everest group, which has been active since 2020, is allegedly associated with EverBe 2.0 and the Russia-based BlackByte group.
This cybersecurity incident adds to a spike in ransomware attacks, underscoring the exploitation of widely used services to target businesses. The latest available report, dated 2020, estimates that Mailchimp serves around 14 million customers, including Vimeo, TED, The North Face, and New Belgium Brewing.
Mailchimp has yet to confirm the breach or its impact. This 2025 ransomware attack follows a cybersecurity incident that occurred in 2023.
In other news, TechNadu reported on the Everest group's targeting of Coca-Cola, in which employee data was dumped in May after the ransom went unpaid. In April, the threat actor’s website was reportedly hacked.