McDonalds Security Breach Fries Employee And Customer Data In The US, Taiwan And South Korea
The Golden Arches are not so shiny today it seems, as the world's biggest fast-food chain, McDonald's, has been hit by an international data breach. The company reported today that hackers have stolen data containing employee and restaurant information from its South Korean, Taiwanese, and United States markets. Though it is believed that the data was not sensitive nor personal, it still raises concerns for the future.
Recently, McDonald's discovered unauthorized activity on an internal security system, which prompted the company to lock things down and cut off access. Following this security incident, external cybersecurity consultants were brought in to investigate and found that indeed company data was accessed.
While the situation is still developing and information is being gathered, WSJ reports that the threat actor accessed no customer data in the U.S. Also, any employee information that was exposed was not sensitive nor personal. However, McDonald's did say that "attackers stole customer emails, phone numbers and addresses for delivery customers in South Korea and Taiwan." Furthermore, in Taiwan, the hackers also took employee information such as names and contact information.
McDonald's has also notified some employees in South Africa and Russia about possible data leakage. However, it is possible that hackers did not access this data as "the number of files exposed was small." Though this data leakage could be cause for concern, it has not interrupted business and McDonald's affirms that this was not a ransomware attack.
Going forward, the company is advising its employees to be on the lookout for phishing emails and to "use discretion when asked for information," according to an internal email. Moreover, the company reports that it "will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures."
Regardless, we'll keep you posted as this situation develops and more is learned about the scope and impact of this latest big data breach.