McDonald’s, the world’s largest fast-food company, has announced a data breach after hackers broke into company systems and took data from customers and employees in the United States, South Korea, and Taiwan.
McDonald’s serves nearly hundreds of millions of consumers per day in over 39,000 locations in over 100 countries, including around 14,000 restaurants in the United States alone.
McDonald’s said Friday that it recruited external consultants to look into unauthorized activity on an internal security system, which was triggered by a specific event in which the unauthorized access was turned off a week after it was discovered.
According to the Wall Street Journal, McDonald’s advised US employees that the attackers could only take business contact information from US employees and franchises that wasn’t personal or sensitive.
Customers’ personal information (including names, emails, phone numbers, and addresses) was also stolen by the threat actors in South Korea and Taiwan.
However, the incident exposed a tiny number of customer data, and the breach had no effect on consumers’ financial information.
McDonald’s said its operations in South Korea and Taiwan notified Asian regulators of the breach on Friday, adding that customers and staff would be contacted.
Some employees in South Africa and Russia would also be notified of suspected unauthorized access to personal information, according to the company.
“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” McDonald’s told BleepingComputer.
Those countries had also been identified by the probe.
The breach did not impact business at McDonald’s restaurants, and it did not include a ransomware attack, in which hackers demand money in exchange for control of data and operations.
McDonald’s said it wasn’t asked for ransom, nor did it make any payment to the hackers.
McDonald’s said that in recent years, it has boosted its investment in cybersecurity measures, and that these technologies assisted it in responding to the new incident.
Soon after the breach was discovered, the corporation stated it cut off hackers’ access to data.
You might also like: Volkswagen suffers massive data breach: 3.3 million customers impacted