The Mailchimp ransomware claim by the Everest group is raising eyebrows—not for its impact, but for how little data was actually leaked. Cybersecurity experts and insiders are calling the leak insignificant, with some mocking it on social media as “breadcrumbs.”

On July 26, 2025, the Everest ransomware group listed Mailchimp on its dark leak site. The post included a warning: the company had four days to negotiate before the group published stolen internal documents. Everest also shared two database samples and an audio message that would expire when the countdown ended.

Despite Everest’s dramatic presentation, industry experts remain unimpressed. The group claimed to have exfiltrated a 767MB database containing just under a million lines. Compared to Mailchimp’s reported 333 billion emails sent in 2020, the stolen data appears trivial.


Security experts aren’t buying the hype

Cyber researchers and insiders quickly weighed in. Malware repository vx-underground noted, “This seems remarkably small for a vendor as large and widespread as Mailchimp.” Others joked that the leak could represent “just one customer” or “300 milliseconds worth of Mailchimp data.”

One user on X commented, “I would have expected GB-levels, just due to the sheer number of years they’ve been collecting data.”

Everest claimed that the leak includes personal documents and client data. But so far, the evidence doesn’t support a major breach. Security experts are now questioning whether Mailchimp itself was even the direct target—some speculate it could be a client-of-a-client breach instead.

Mailchimp, which was acquired by Intuit in 2021 for $12 billion, says it is investigating the matter. The company is headquartered in Atlanta with global offices and over 1,500 employees. In 2024, it reportedly held 66% of the global email market and earned $61 billion in revenue.


Who is the Everest ransomware group?

Everest has been an active threat actor since mid-2021. The group is believed to be based in Russia and is known for bold attacks on corporations, hospitals, and government agencies. Rather than locking systems with encryption, Everest focuses on data exfiltration and public leaks.

In recent weeks, Everest has listed several victims, including Crumbl Cookies, BitBox, and Coca-Cola’s Middle East operations. The group reportedly leaked sensitive internal documents and client data from these companies. It also claimed a massive leak of 23 million records during the Coca-Cola Europacific Partners attack.

Security researcher Martin Vigo told Cybernews that Everest uses its dark leak site as a pressure mechanism. Victims are named publicly, and sample data is posted to increase reputational and legal pressure—often prompting ransom payments.


Conclusion

The Mailchimp ransomware claim may be more bark than bite. While Everest tries to pressure its targets with leaked samples and threats, cybersecurity experts are calling this one underwhelming. Unless new evidence emerges, it looks like this “breach” won’t live up to the group’s usual high-profile leaks. Mailchimp continues to investigate, but for now, it’s mostly just crumbs.

