McDonald’s discloses hack of customer data in South Korea and Taiwan
Hackers recently breached the IT systems of McDonald’s and accessed email addresses, phone numbers and delivery addresses for certain customers in South Korea and Taiwan, the fast food giant said Friday.
“In the coming days, a few additional markets will take steps to address files that contained employee personal data,” McDonald’s said in an emailed statement.
The burger chain said it quickly identified and contained the breach, which involved a “small number of files.” No customer payment information was affected, according to McDonald’s.
The breach also involved business contact information of U.S. employees and franchisees, the Wall Street Journal reported. In some cases, the intruders also accessed data about restaurant seating capacity and the square footage of play areas, the Journal reported.
It was unclear who was responsible for the hack. A McDonald’s spokesperson did not respond to an emailed question on who the culprit might be.
McDonald’s, which reported $19.2 billion in revenue last year, is only the latest fast food vendor to have customer data stolen by hackers.
In other cases, by compromising payment machines, cybercriminals have swept up troves of customer data. That’s what happened in a 2019 breach of Checkers Drive-In Restaurants, when hackers accessed data such as payment card numbers and verification codes in an incident that affected more than 100 Checkers locations. The most notorious group to use the tactic is known as FIN7, a multibillion dollar criminal enterprise that has targeted payment data at Chipotle, Red Robin and Taco’s John.
McDonald’s defended its cybersecurity practices on Friday.
“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company’s statement reads.
“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.”