Some customer and employee information of McDonald’s Corp’s business in South Korea and Taiwan was exposed to hackers in a data breach, the company said on Friday. This made the largest burger chain of the world the latest global firm to be targeted by hackers.
After identification of an unauthorized activity on the company’s network, the company initiated an investigation by external consultants which revealed the details of the breach in the two regions.
“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” McDonald’s said in a statement.
In its statement the company said that it will take measures to notify the regulators of the breach as well as inform the customers that were listed in the files. The company however said that the exposed files did not have any customer payment data.
In recent days, there has been a series of attacks by cybercriminals resulting in cyber breach in the servers and IT systems of hospitals and global companies – which included meat processor JBS and Colonial Pipeline oil, and these hacks have resulted in disruption in operations for hours and causing worries of shortage of supplies.
According to reports in order to gain control of their operations and restart production, some companies have had to pay a ransom to the hackers. McDonald’s said it would use the findings from the investigation to identify ways to improve its security measures.
The investigation into the breach by McDonald’s showed that hackers had gained access to the data of the company in the United States as well.
Some business contact information for employees and franchisees in the US as well as some information about restaurants such as seating capacity and the square footage of play areas was disclosed by the breach, McDonald’s said in a message to US employees.
While no customer data was breached in the hack, the disclosed employee data did not contain any sensitive or personal data. Employees and franchisees of the company were advised by McDonald’s to keep an eye for phishing emails and to use their discretion when they are asked ot furnish information, the company said.
In the breach in South Korea and Taiwan, customer emails, phone numbers and addresses for delivery customers were stolen by hackers, McDonald’s said. Employee information including names and contact information, were also compromised in the Taiwan hack, the company said. The company did not disclose the number of files that were exposed or the number of people affected but said the number of files exposed was small.
The company would also notify the some employees in South Africa and Russia about possible unauthorised access to their information as the investigation had flagged those countries as well.
“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said.
(Adapted from USNews.com & WSJ.com)