Mailchimp Data Breach
Status: Confirmed
Breach Intelligence Summary
Entity: Mailchimp · Actor: Everest · Source: DataBreach.com / ObscureIQ intelligence
Attack: Ransomware via Network intrusion / ransomware deployment
Timeline: Breach (Jul, 2025) · Reported (Aug, 2025) · Leak (8/11/25)
Exposure: 440K+ records · Email, Phone Number, Home Address
Status: Confirmed · Risk: Moderate (Phishing / SIM swap)
Summary
In late July 2025, the Everest ransomware group added Mailchimp to its leak site, alleging it stole 767 MB of data, about 943,536 lines, described as “internal company documents.” Coverage by TechRadar Pro noted Everest posted samples and threatened consequences if the firm didn’t engage, while Cybernews reported a live countdown with roughly four days remaining at the time of their piece.
Early looks at the sample rows suggested the trove resembled structured business/marketing metadata rather than crown-jewel customer records. As Hackread summarized, entries included domain names, corporate emails and phone numbers, city/country fields, GDPR region labels, social links, hosting providers, and tech-stack tags (e.g. Shopify, Google Cloud). That profile aligns more with a CRM/export from a tenant than with a breach of Mailchimp’s core infrastructure.
Intuit, Mailchimp’s parent, disputes the claim. In statements reported by Cybernews and MediaPost, the company said its investigation found “no evidence to suggest any security incidents or exfiltration of data from our systems.” No breach notifications or regulatory filings have been issued in connection with this episode.
The security community’s reaction has been broadly skeptical. TechRadar Pro reported that vx-underground characterized the dataset as “remarkably small” for a platform of Mailchimp’s size, and it quoted social responses calling the haul “300 milliseconds worth of Mailchimp data”, suggesting it might reflect one customer’s list rather than a platform-wide compromise. Contextually, Mailchimp has been reported to serve roughly 14 million active users, magnifying the perception that a 767 MB archive is tiny by comparison. See the discussion in TechRadar Pro and background cited by Cybernews.
Bottom line (as of August 2025): The Mailchimp incident remains unverified. Everest claims a 767 MB dataset and uses a public countdown to ratchet pressure, but Intuit says it has found no evidence of compromise, and independent write-ups point to low-sensitivity, marketing-like records that could originate from a single tenant or third party. This looks like a classic case of perception-driven extortion: naming a marquee brand to generate headlines and force a reaction even when technical severity is unclear.
Frequently Asked Questions – Mailchimp 2025 Suspected Breach
Was the Mailchimp 2025 breach confirmed?
No. Intuit, Mailchimp’s parent company, has publicly stated that its security teams found no evidence of a data breach or system compromise. The company has not issued any breach notifications or regulatory filings tied to this claim.
Who claimed responsibility for the incident?
The ransomware and extortion group known as Everest claimed responsibility, adding Mailchimp to its leak site and alleging it had exfiltrated 767 MB of “internal company documents.”
What data was allegedly stolen?
According to descriptions on the leak site and reporting by Hackread, the data appeared to include domain names, corporate contact information, geographic metadata, GDPR region tags, social media links, and technology stack identifiers. This suggests it may have been a marketing or CRM dataset rather than sensitive customer account data.
How did the cybersecurity community react?
Industry reaction, as noted by TechRadar Pro, was largely dismissive. Experts joked about the small size of the dataset and questioned whether it truly originated from Mailchimp’s core systems.
Why is this incident still important?
Even unverified claims can cause reputational harm, customer anxiety, and operational distraction. As Cybernews observed, ransomware groups increasingly leverage perception-driven extortion, using public allegations to apply pressure even when the technical severity is low.
About Mailchimp
Mailchimp is the organization affected by this breach. User data may have been generated through account creation, service usage, or business operations.
If you have interacted with Mailchimp in any capacity, your data may be included in this breach.
Threat Actor: Everest
This breach has been attributed to Everest. The group is known for data theft campaigns targeting organizations through various intrusion methods.
- Network intrusion / ransomware deployment
Breach Exploitation Status
Moderate
Status
Detected
Possible
Possible
Unknown
Unknown
3–5 years
Phone numbers and addresses change over time but remain valid long enough for sustained exploitation campaigns.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 440K+ records has been identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Impact
This breach carries moderate risk due to the nature of exposed data fields and the scale of affected records.
- Targeted phishing referencing Mailchimp accounts or services
- SIM-swap attempts where phone numbers are present
- Physical mail scams and address-based identity verification fraud
- Data broker enrichment and resale
Recommendations for Impacted Individuals
If you believe your information may be included:
Non-clients may request a breach impact review.
Mailchimp account updates
Password reset requests
Verify directly through official channels.
Email compromise is often the first pivot point.
Frequently Asked Questions
In Jul, 2025, Mailchimp experienced a data breach that resulted in the exposure of approximately 440K+ records containing personal information.
The exposed data includes Email, Phone Number, Home Address.
Approximately 440K+ records were affected based on current breach intelligence.
Yes. This breach is treated as confirmed based on data observed in breach intelligence platforms.
Data circulation has been detected across breach-sharing channels. Downstream exploitation risk exists based on the nature of the exposed fields.
Rotate passwords associated with Mailchimp, enable multi-factor authentication on email and financial accounts, and monitor for suspicious activity.
Corporate Accountability
Organizations that collect personal data have a duty to implement reasonable safeguards and to notify affected individuals when breaches occur.
Scope assessments may evolve as investigations continue. Users should not rely solely on early estimates when making risk decisions.
