The data breach was discovered by consultants McDonald’s hired to “investigate unauthorized activity on an internal security system.” according to The Wall Street Journal. In the United States, McDonald’s states that the only data accessed was franchisee contact information, non-private/sensitive employee contact information, seating in stores, and square footage of leeway.
However, things didn’t go so well for the fast food titan’s Taiwanese and South Korean weapons. Attackers collected personal information from customers (such as emails, phone numbers and addresses), but not payment information. They were also given employee information (such as names and contact details). The company told The edge that it will “take steps to notify regulators and customers identified in these files” and that the number of files exposed was small.
The business operations have had no consequences for the infringement. McDonald’s also stated that “in the coming days, a few additional markets will take steps to address files containing employee personal information.” The Wall Street Journal notes that those “additional markets” include both Russia and South Africa, which were also highlighted in that study.
While the breach certainly could have been much bigger (and more devastating), it is yet another entry in a growing list of cyberattacks against large companies by malicious hackers.
through The edge