The Qilin ransomware group has claimed responsibility for an alleged cyberattack against global food and beverage giant Danone, claiming to have stolen 221 GB of internal company data before listing the organization on its data leak site.
The claim has not been independently verified. Danone had not issued any public statement at time of publication.
Alleged data theft targets global food company
Qilin claims it exfiltrated approximately 221 GB of data consisting of 91,558 files from Danone’s internal environment. The ransomware operation published a small collection of purported evidence intended to support its claims.
Based on the material allegedly released, the dataset appears to include financial reports, customer account information, customer issue reports, non-disclosure and confidentiality agreements, and monthly sales documents dating between 2023 and 2025.
The group did not specify how it allegedly gained access to Danone’s network, whether systems were encrypted, or whether negotiations with the company are ongoing.
Major international brands potentially affected
Headquartered in Paris, Danone is one of the world’s largest food and beverage companies, operating in more than 120 countries with over 180 production facilities across 55 countries. Its portfolio includes globally recognized brands such as Evian, Activia, Silk, International Delight, Volvic, Actimel, AQUA, and Danone yogurt.
The company reported group sales of €27.3 billion during 2025, making it one of the largest consumer goods manufacturers targeted by ransomware groups this year.
Evidence remains limited
Although Qilin published several sample documents, the full scope of any alleged compromise remains unclear. The purported evidence appears to include internal financial summaries, customer-related documentation, sales reports, and contractual agreements.
At this stage there is no independent confirmation that the files originated from Danone, nor has the company confirmed that customer, employee, or corporate information was accessed.
Qilin continues targeting large enterprises
First observed in 2022, Qilin has become one of the most active ransomware operations targeting large organizations across manufacturing, healthcare, financial services, retail, transportation, and government sectors. The group has continued adding new alleged victims throughout 2026, with Danone becoming one of its latest claims.
The alleged attack also continues a recent trend of ransomware groups targeting major food and beverage manufacturers. Earlier this week, BreachNews reported on the confirmed ransomware attack that disrupted Fairlife’s U.S. production, highlighting the sector’s continued exposure to cyber extortion.
Danone had not issued any public statement at time of publication.












