McDonald’s revealed today that it suffered a security breach that exposed some data on an ‘internal security system.’ The hack impacted the company in the US, Taiwan, and South Korea, resulting in the acquisition of some data, including on customers in the latter two markets. Unlike other recent high-profile cyberattacks, however, this one did not involve ransomware.
McDonald’s sent letters to its US employees about the data breach, according to The Wall Street Journal, which reports that the company removed the attacker’s access a week after learning about the intrusion. Customers weren’t impacted by the US data breach, which exposed some info on stores like play area square footage and seating capacity.
As well, the US breach involved some of the business contacts for franchisees and employees, though nothing ‘sensitive or personal’ was revealed, according to the report. However, the security breach did result in the alleged theft of some employee information in Taiwan, including things like contact details and names.
Beyond that, the attackers also acquired some data on customers in Taiwan and South Korea, including addresses, emails, and phone numbers. McDonald’s didn’t disclose the full number of people impacted. The company brought in external security consultants to investigate the breach.
The source of the cyberattack hasn’t been revealed and may not yet be known. McDonald’s is the latest majority company to be hit with a security breach in recent weeks, joining the panic-inducing Colonial Pipeline ransomware incident, followed by the US-based meat producer JBS, which similarly had to pay to get its operations back online.