Ransomware Group: EVEREST

VICTIM NAME: Crumbl

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Crumbl, a well-known bakery chain from the United States recognized for its gourmet cookies and rotating menu. The breach was discovered on July 25, 2025, and the attack date is recorded as July 23, 2025. The leak appears to involve sensitive business information, although specific details have not been publicly disclosed. The page includes a screenshot of internal documents, indicating that data related to operations or confidential company information has been compromised. No personally identifiable information (PII) of employees or customers has been highlighted in the leak summary. The breach has been claimed by a group associated with the Everest group, suggesting a coordinated cyberattack targeting the company’s digital assets.

The leak page provides a link to a claim URL on the dark web, which likely hosts the stolen data or further details about the breach. The incident affects a company operating in the consumer services sector, specifically within the food and hospitality industry. Given Crumbl’s rapid expansion since 2017, this cyber incident could potentially expose operational or strategic information that could impact its business reputation and customer trust. The availability of leak screenshots implies that the attackers may have released internal documents or other data as part of their extortion or publicity efforts. The breach underscores ongoing cybersecurity risks faced by high-profile retail and franchise chains, especially as cybercriminal groups continue targeting such organizations for financial gain and notoriety.