McDonald’s announced Friday that hackers infiltrated its system and stole data in the U.S., South Korea, and Taiwan markets, according to the Wall Street Journal.
The burger giant told U.S. workers the breach uncovered contact information for employees and franchisees, in addition to other details like seating capacity and square footage. McDonald’s clarified that no customer data was taken and that information accessed by hackers wasn’t sensitive or critical in nature.
The South Korean and Taiwan markets weren’t as fortunate. The Journal reported that hackers captured emails, phone numbers, and addresses of delivery customers. In Taiwan specifically, names and contact information of employees were stolen. McDonald’s didn’t share how many individuals were exposed, but it did note that the number was small. The hack didn’t include customer payment information.
McDonald’s notified regulators in Asia on Friday, and is also planning to contact affected customers and employees. Investigators also flagged South Africa and Russia for a possible breach, so the company will notify employees in those divisions, as well. McDonald’s said the incident was not a ransomware attack in which hackers hold information hostage and demand payment in return. Business wasn’t interrupted, and the chain didn’t pay out any funds to cut off the breach.
The data breach was discovered by outside consultants who were recently brought on to investigate unauthorized activity on an internal security system, the Journal said. McDonald’s kicked out the hackers as soon as the cyberattack was uncovered. The chain said it will leverage findings from the investigation and input from security resources to further enhance existing security measures.
“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company said in a statement. “These tools allowed us to quickly identify and contain recent unauthorized activity on our network.”
Because data was stolen, McDonald’s reportedly advised workers and franchisees to be on the lookout for phishing emails and be cautious when asked for information.
Ed Bishop, co-founder and CTO of email software company Tessian, said hackers will exploit the business contact details exposed in the breach by either selling the data or using the information to send convincing phishing, smishing, or vishing attacks to victims of the breach. For example, the hackers could send phishing emails to individuals whose contact details were breached, and ask them to click on a link asking for a username and password. The attackers could also impersonate McDonald’s to give the illusion of legitimacy.
“The warning for all McDonald's employees and franchisees, then, is to watch out for phishing emails and verify any requests for payments or information with the supposed source via another means of communication before complying with the request,” Bishop said in a statement. “No matter how urgent the message appears, always take a minute to check its legitimacy.”
The burger brand is the latest in a growing list of major companies that have fallen victim to a data hack. Recent incidents include JBS, the world’s largest meat processor, Colonial Pipeline, a prominent fuel supplier on the East Coast, and Electronic Arts, a popular video game producer.
Other restaurants have been hit in recent memory. In early 2020, Landry’s, the parent of brands like Landry’s Seafood, Chart House, Saltgrass Steak House, Bubba Gump Shrimp Co., Claim Jumper, and Morton’s The Steakhouse, said malware may have affected customers’ credit card information. The malware searched for track data, which may include the cardholder’s name, card number, expiration date, and internal verification code after it was entered into the order-entry systems.