Sponsored Links

McDonald's hit by data breaches in US, South Korea and Taiwan

Thankfully, no customer payment information was stolen.
Ljubljana, Slovenia - September 3, 2011: Close-up of McDonalds outdoor sign with  typical rounded yellow M letter against cloudless blue sky. Sign is positioned on the left side of image.
ermingut via Getty Images
Mariella Moon
Mariella Moon|@mariella_moon|June 12, 2021 12:30 PM

McDonald's is the latest massive corporation to be hit by a cyberattack. According to The Wall Street Journal, the bad actors that infiltrated its systems managed to steal customer and employee information from its businesses in the US, South Korea and Taiwan. No customer data was stolen in the US, in particular, but the hackers got away with contact information for US employees and franchisees. They also helped themselves to some store information, including seating capacity and the size of play areas.

In South Korea and Taiwan, however, the hackers were able to steal customer information, including people's emails, phone numbers and delivery addresses. Taiwanese employees' names and contact details were stolen, as well. The fast food chain assured The Journal, however, that no customer payment information was affected in this data breach.

The company discovered the incident after it hired external consultants to investigate unauthorized activity on an internal security system. McDonald's cut off the unauthorized access a week after it was identified for the three markets, and it credits the increased investment it made in cybersecurity in recent years for being able to launch a quick response. It's worth noting that the investigators also flagged South Africa and Russia, and McDonald's said it will notify those divisions of possible unauthorized access to their information. 

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

"Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures," the fast food giant said in a statement.

While the bad actors made away with some sensitive information, ransomware wasn't involved in this incident unlike in the attacks that hit JBS, Colonial Pipeline and numerous other corporations. JBS, one of the biggest meat suppliers in the US, paid an equivalent of $11 million in ransom. Meanwhile, Colonial Pipeline paid its attackers 75 Bitcoins (worth around $4.3 million at the time) after the hack led to fuel shortages across the East Coast. That said, the DOJ was able to recover 63.7 Bitcoins of the ransom paid by obtaining a private key to the hackers' wallet.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
McDonald's hit by data breaches in US, South Korea and Taiwan