McDonald's is the latest massive corporation to be hit by a cyberattack. According to The Wall Street Journal, the bad actors that infiltrated its systems managed to steal customer and employee information from its businesses in the US, South Korea and Taiwan. No customer data was stolen in the US, in particular, but the hackers got away with contact information for US employees and franchisees. They also helped themselves to some store information, including seating capacity and the size of play areas.
In South Korea and Taiwan, however, the hackers were able to steal customer information, including people's emails, phone numbers and delivery addresses. Taiwanese employees' names and contact details were stolen, as well. The fast food chain assured The Journal, however, that no customer payment information was affected in this data breach.
The company discovered the incident after it hired external consultants to investigate unauthorized activity on an internal security system. McDonald's cut off the unauthorized access a week after it was identified for the three markets, and it credits the increased investment it made in cybersecurity in recent years for being able to launch a quick response. It's worth noting that the investigators also flagged South Africa and Russia, and McDonald's said it will notify those divisions of possible unauthorized access to their information.
"Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures," the fast food giant said in a statement.
While the bad actors made away with some sensitive information, ransomware wasn't involved in this incident unlike in the attacks that hit JBS, Colonial Pipeline and numerous other corporations. JBS, one of the biggest meat suppliers in the US, paid an equivalent of $11 million in ransom. Meanwhile, Colonial Pipeline paid its attackers 75 Bitcoins (worth around $4.3 million at the time) after the hack led to fuel shortages across the East Coast. That said, the DOJ was able to recover 63.7 Bitcoins of the ransom paid by obtaining a private key to the hackers' wallet.