Tulsa International Airport
January 31, 2026
•[ ransomware, data leak, internal documents ]
The Qilin ransomware gang claimed responsibility for a ransomware attack on Tulsa International Airport and posted leaked internal documents; the airport confirmed the incident but not the attribution.
McDonald's India
January 20, 2026
•[ ransomware, data leak, data exfiltration ]
HackRead reported that on January 20, 2026 the Everest ransomware group claimed it breached McDonald's India and exfiltrated 861 GB of customer data and internal documents. The report described screenshots purportedly showing internal financial reports (2023-2026), audit trails, cost tracking, ERP migration files, pricing data, and other internal communications, as well as a Contact Database spreadsheet with investor/business-partner contact details and store-level manager contact information. Everest reportedly issued a short deadline and threatened to leak data; the article noted the claim was unverified at the time.
Hyatt
January 19, 2026
•[ ransomware, data leak, double-extortion ]
A ransomware group calling itself NightSpire publicly claimed on January 19, 2026 that it attacked Hyatt and exfiltrated 48.5 GB of data originating from the Hyatt Place Chelsea New York hotel. The actors published samples that appeared to include internal company documents such as invoices, expense reports containing employee names, contact information, signatures, and partner company data. Researchers noted the sample list suggested possible exposure of employee credentials for internal tools, raising the risk of further compromise. The posting indicated a free download link, consistent with double-extortion tactics where stolen data is leaked if negotiations fail. At the time of reporting, Hyatt had not publicly confirmed the breach and the claims remained unverified by the company.