- McDonald’s announced a security incident that has compromised the data of customers and employees.
- The only two countries that have been impacted by this incident are Taiwan and South Korea.
- McDonald’s maintains that no payment details have been compromised, but names and addresses have been.
McDonald’s, the world's largest fast-food restaurant chain, has confirmed that it has fallen victim to a cyberattack. The incident affects South Korea and Taiwan and includes customer and employee information from these two countries. Reportedly, the actors managed to access email addresses, phone numbers, and delivery addresses, which appear to derive from the online orders system. However, it was specifically clarified that no payment information was accessed.
As the official statement from McDonald's mentions:
While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data. Based on our investigation, only Korea and Taiwan had customer personal data accessed, and they will be taking steps to notify regulators and customers listed in these files. A few additional markets will take steps to address files that contained employee personal data.
The Taiwan and South Korean parts of the McDonald’s business haven’t experienced any operational disruption, so even if this was a ransomware attack, it hasn’t impacted the restaurant chain in a significant way. The company hasn’t shared many details about the incident, and we weren’t able to find anything appearing online, either on clearnet forums or the dark web.
This is yet another example of an economic behemoth hit by hackers, but the impact appears to be minimal in this case. If we were to guess, McDonald’s network segmentation and other security practices stopped the actors before they could dive deeper or move laterally across the network.
As for you, the customer, keep in mind that convenience always comes with the added risk of data exposure. If you have to order food online, do so by providing the minimum possible truthful information, like your home address, for example. At least in the case of a data breach, which seems to be inevitable in the long term, you won’t have to face serious repercussions.