Evian, Silk, International Delight maker Danone hit by Qilin ransomware gang
Hackers claim they stole financial records, customer data, and thousands of internal company files.

Images by Jirapan Switch | The Image Party | Shutterstock
- Qilin claimed a ransomware attack on Danone, saying it stole 221 GB of internal company files.
- The alleged leaked data includes financial reports, customer records, confidentiality agreements, and sales documents from 2023 to 2025.
- Danone sells major brands including Evian, Activia, Silk, and International Delight across more than 120 countries.
- The claim highlights Qilin’s growing threat after it listed over 1,000 victims in 2025 and 700 more by mid-2026.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
Danone – producer of Evian water, the popular International Delight creamer brand, and Silk almond milk – has been claimed by the Qilin hacker gang in the latest ransomware attack targeting one of the world’s largest food and beverage companies.
The notorious ransomware group listed Danone on its dark web leak site earlier this week, claiming to have stolen 221 GB of files from the conglomerate’s internal servers.
Danone's 15-brand portfolio includes its flagship Danone yogurt brand, along with household names such as:
- Evian
- Activia
- International Delight
- Silk
- Volvic
- AQUA
- Actimel
What data was stolen?
Qilin claims to have published 221 GB of data, exfiltrating a massive cache of 91,558 files. The hackers did not excplicity specify exactly what types of data it allegedly stole.
The ransomware group did post an alleged sample of 6 files, which Cybernews was able to view.
The proof pack appears to contain various documents dating from 2023 through 2025 – including year-end and quarterly financial summaries, a customer account database and customer issues report, non-disclosure and confidentiality agreements, and monthly customer sales reports.
Founded in 1919 and headquartered in Paris, Danone products are sold in over 120 countries.
According to its website, the food and beverage giant operates more than 180 production facilities across 55 countries, employing over 90,000 individuals.
In the US alone, Danone has 13 manufacturing facilities, an R&D center, and two headquarters, including a major regional hub just outside of New York City.
The company reported €27.3 billion in group sales in 2025.
Cybernews has reached out to Danone and is awaiting a response at the time of this report.
Who is Qilin?
First identified by researchers in 2022, the Russian-linked cybercriminal group earned the title of most active ransomware gang of 2025 and appears to have maintained its top spot for the first half of 2026.
Qilin’s typically targets victims from the manufacturing, financial, retail, and healthcare sectors, also favoring government agencies and transportation-related entities.
According to Cybernews’ in-house surveillance tool Ransomlooker, the gang listed more than 1,000 victims in 2025 and has extended that surge into 2026, claiming more than 700 additional victims by mid-July.
Last month, Qilin claimed to have successfully hacked 1-800-Dentist, threatening to leak the health data of millions of people who have used the popular US-centric dental referral service.
Since January, the group listed global food distributor Sysco Corporation and the US-based commercial real estate giant Cushman & Wakefield, with both victims also claimed by the notorious ShinyHunters extortion group.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Two New York-centric breaches were also claimed by the gang in the first half of the year – the Shipping Association of New York & New Jersey (SANYNJ), which runs one of North America’s busiest ports, as well as New York City’s TWU Local 100 – a union representing more than 67,000 active and retired transit workers for the nation’s largest public transportation system.
High-profile claims in 2025 included Japan's Asahi Holdings., digital gaming giant International Game Technology (IGT), Korea’s SK Group, US newspaper group Lee Enterprises, Nissan Japan's design arm, Creative Box, and the controversial religion Scientology.
Check if your data has been leaked