McDonald’s told the WSJ the company discovered the breach after hiring consultants to “investigate unauthorized activity on an internal security system.” In the United States, the information stolen involved contact information for franchises, the seating capacity of stores, and the square footage of play areas.
As for South Korea and Taiwan, customer personal data accessed, forcing the company to “notify regulators and customers listed in these files.” In Taiwan, the hackers also stole employee information including names and contact information. Although this sounds potentially detrimental to those victimized, McDonald’s assured The Verge that no payment information was present in the tampered files. Along with the United States, South Korea, and Taiwan, markets like South Africa and Russia were also cited for suspicious activity during the consultant’s initial investigation.
McDonald’s is the latest large corporation to be targeted by cyber hackers. Yet unlike other attacks, McDonald’s wasn’t the victim of ransomware. A breach in non-payment data for a huge chain like McDonald’s won’t create any massive problems. It explained that a few additional markets—like Russia and South Africa—will be taking steps to address files that contain employee personal data but business operations will not be interrupted.
“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said when explaining how it will rectify the situation and combat future breaches.