In a developing story, the infamous Everest ransomware group has added a new name to its list of victims: email marketing giant Mailchimp. The cybercrime collective announced the breach on its dark web leak page, claiming to have exfiltrated a 767 MB database. While the group alleges the data contains internal company documents and a variety of personal and customer information, a closer analysis suggests a more contained, albeit still serious, incident.
According to a review of the sample data provided by Everest, the leaked information appears to be structured business data rather than highly sensitive data from Mailchimp's internal systems. The 943,536 rows of data include details such as company emails, phone numbers, domain names, social media links, and information on technology stacks used by customers (like Shopify and WordPress). This suggests the data may have originated from a marketing or CRM export, rather than a deep infiltration of Mailchimp’s core infrastructure.
This latest breach, while concerning for the companies whose data was exposed, is relatively small compared to the scale of some of Everest’s past attacks. The Russian-speaking group, which has been active since late 2020, has previously targeted high-profile entities like the Brazilian government and NASA. Originally known for its “double-extortion” model, encrypting data and threatening to leak it, Everest has increasingly shifted its focus. Since late 2022, the group has primarily operated as an Initial Access Broker (IAB), selling access to the networks of compromised organizations to other cybercriminals.
For Mailchimp, this incident marks yet another security challenge. The company has faced similar breaches in the past, including a social engineering attack in early 2023 that targeted cryptocurrency and finance clients. While Mailchimp has been quick to address these incidents, the recurring nature of such events raises questions about its ongoing security posture and the vulnerabilities inherent in large-scale platform providers. Customers are advised to be vigilant for any suspicious communications and to review their account security settings. The investigation into the full scope of the breach is ongoing.














