McDonald's has disclosed a data breach, in which hackers allegedly stole some data from technology systems in the United States, South Korea and Taiwan, the fast food restaurant chain disclosed, The Wall Street Journal reports.
The McDonald's data breach did not involve a ransomware attack, according to the report. Key McDonalds data breach details, summarized from The Journal below, include:
- The company hired external consultants to investigate unauthorized activity on an internal security system.
- The company cut off the unauthorized access one week after it was identified.
- McDonald's did not disclose the specific date the attack was disclosed.
McDonald's did not disclose whether the external consultants represent MSSP and/or MDR service providers.
Below are additional details that surfaced on June 11, 2021. Check this blog regularly for potential incident timeline updates.
McDonald's Data Breach: U.S. Details
- The breach disclosed some business contact information for U.S. employees and franchisees, along with some information about restaurants such as seating capacity and the square footage of play areas.
- The employee data exposed wasn’t sensitive or personal.
- No customer data was breached in the U.S., and that the employee data exposed wasn’t sensitive or personal.
McDonald's Data Breach: South Korea and Taiwan Details
- Attackers stole customer emails, phone numbers and addresses for delivery customers in South Korea and Taiwan.
- In Taiwan, hackers also stole employee information including names and contact information,.
- The company said the number of files exposed was small without disclosing the number of people affected.
- The breach didn’t include customer payment information.
Other Regions: McDonalds divisions will also notify some employees in South Africa and Russia of possible unauthorized access to their information.