McDonald's Was Hit By A Data Breach At Some U.S. Franchise Locations

McDonald's was hit by a data breach that affected stores in a various countries including Taiwan, South Korea, and the United States. The issue was discovered when unauthorized activity on an internal security system was noticed.

The Wall Street Journal got a hold of a message that was sent out to United States employees, where McDonald's explained that the breach disclosed some business contact information for U.S. employees and McDonald's franchises. Other information about seating capacity and square footage of play areas was also vulnerable to the breach.

In the United States no customer data was breached, but in Taiwan and South Korea some customer emails, phone numbers, and addresses for delivery customers were stolen. Employee information like names and contacts were also stolen in Taiwan. In no area was customer payment information at stake.

No business operations were interrupted due to the breach and none of the data collected from the U.S. was considered sensitive. Moving forward, McDonald's told employees and franchisees to be on the lookout for phishing emails and to be careful when giving out information. McDonald's Corporation is making investments in their cybersecurity defense and released the following statement:

McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense. These tools allowed us to quickly identify and contain recent unauthorized activity on our network. A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.

While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data. Based on our investigation, only Korea and Taiwan had customer personal data accessed, and they will be taking steps to notify regulators and customers listed in these files. No customer payment information was contained in these files. In the coming days, a few additional markets will take steps to address files that contained employee personal data.

Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.

You Might Also Like