McDonald’s Suffers Security Breach
The Hackers Stole Sensitive Data from the Company’s Systems in Markets Including the U.S., South Korea, and Taiwan.
McDonald’s, the world’s largest restaurant chain by revenue, recently revealed that it was the target of a security breach.
On Friday, the burger chain said it hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified. It was discovered that company data had been breached in markets including the U.S., South Korea, and Taiwan.
Image Source: GETTY IMAGES
In a statement to ABC News, McDonald’s Corporation said that
While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data.
Although customer personal data in Korea and Taiwan had been accessed by the threat actors, the company claims no files contained payment information. McDonald’s assured its customers that it will be “taking steps to notify regulators and customers listed in these files.”
The company added that
In the coming days, a few additional markets will take steps to address files that contained employee personal data.
On Friday, The Wall Street Journal reported that the breach disclosed some business contact information for U.S. employees and franchisees, along with some information about restaurants such as seating capacity and the square footage of play areas. Additionally, the company said no customer data was breached in the U.S., and that the employee data exposed wasn’t sensitive or personal.
McDonald’s advised employees and franchisees to be on the lookout for phishing emails and be discrete when asked for information.
McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.
A String of High-Profile Breaches
This security breach comes after a series of high-profile cybersecurity attacks have impacted business leaders and lawmakers.
Last week, US leading distributor of foodservice equipment and supplies Edward Don has suffered a ransomware attack that has forced the company to shut down portions of the network to prevent the attack from spreading.
Colonial Pipeline, the largest fuel pipeline operator in the U.S., was forced to shut down after being hit by ransomware in a clear demonstration of the vulnerability of energy infrastructure to this type of cyberattacks. The operator paid the hackers nearly $5 million in cryptocurrency in return for a decryption key to restore its systems.
JBS Foods, the world’s largest meatpacking organization, was forced to shut down production at several sites all over the world following a ransomware attack in early June. JBS declared this week that it paid an $11 million ransom to the REvil ransomware group to keep their stolen information from being leaked online and reduce any unanticipated issues related to the cyberattack.