McDonald’s is now one of the latest companies to have suffered a third-party data breach. The company says it is not dealing with ransomware, but that the breach did include store information from the US and some customer information in both Taiwan and South Korea.
The data breach was discovered by consultants McDonald’s hired to “investigate unauthorized activity on an internal security system,” according to The Wall Street Journal. In the United States, McDonald’s states that the only data accessed was franchise business contact information, non-private/sensitive employee contact information, store seating capacities, and play area square footage.
Things didn’t fare as well for the fast food titan’s Taiwanese and South Korean arms, however. Attackers collected customer personal data (like emails, phone numbers, and addresses), but not any payment information. They also got employee information (like names and contact information). The company told The Verge that it “will be taking steps to notify regulators and customers listed in these files” and that the number of files exposed was small.
No business operations were affected by the breach. McDonald’s also stated that “in the coming days, a few additional markets will take steps to address files that contained employee personal data.” The Wall Street Journal notes that those “additional markets” include both Russia and South Africa, which were also flagged in that investigation.
Though the breach could certainly have been far larger (and more devastating), it’s yet another entry in a growing list of cyberattacks on major corporations by malicious hackers.
via The Verge