McDonald's was victim to a data breach that exposed customer data for South Korean and Taiwanese users. [1] It was detected when unauthorised activity was detected on the company's network. McDonald's mentioned employee data was accessed with no specification of countries affected. [2]
The Incident
On June 11, 2021 The Wall Street Journal announced McDonald's was exposed to a data breach. [3]. The data exposed included restaurant information, customer emails, phone numbers, and addresses for delivery customers in South Korea and Taiwan. Employee information including, names and contact information. [4]
Aftermath
McDonald's notified users and regulators affected by the incident. The threat actors for the data breach where not publicly identified, and no evidence suggested the data was sold or released publicly.
[Company]'s response
In a statement to ABC news, McDonald's said it worked with "Experienced third parties" to conduct an investigation into the breach. "While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,". [5]
References