What You Should Know About McDonald's Recent Data Breach
This is not like when Jeremy O'Sullivan and Melissa Nelson created a gadget to hack into McDonald's ever-failing ice cream machines in an attempt to make repairs easier (via Wired). This is a data breach of more worrying proportions. On June 11, The Wall Street Journal broke the news that hackers had been successful in poaching data from McDonald's systems in Taiwan, South Korea, and the United States. While, per company representatives, hackers did not access customer payment information, in South Korea and Taiwan, McDonald's cutomers' emails, phone numbers, and physical addresses given for delivery purposes were compromised. Employees' names and contact information were stolen in Taiwan. Hackers were able to access and steal business contact information and franchise data from the United States. Meanwhile, Axios reports that the fast-food company is also notifying employees in South Africa and Russia of possible hacks.
As "Hamburgler" jokes do the rounds on Twitter, company executives promised a thorough investigation into the data breach. "Moving forward, McDonald's will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures," it assured news outlets (via The Washington Post). But Mickey D's fans may well be wondering whether how worried they should be.
What McDonald's data breach really means
Hackers may not have stolen payment information from McDonald's, but that doesn't mean that customers and employees are completely in the clear. Email security expert Ed Bishop told Security Magazine that the fast-food chain's hackers would likely either sell the data obtained to third parties or use it for phishing, smishing (SMS phishing), or vishing (voice phishing) attacks. "For example, cybercriminals could send phishing emails to individuals whose contact details were breached, asking them to click a link to update their username and password in the wake of the incident, in order to harvest credentials and gain access to data and systems," Bishop posited. That's something that the chain is concerned about. Axios reports that McDonald's has asked its US-based employees to be alert to possible phishing scams.
McDonald's claims to have quickly contained the breach, but has not divulged exactly how many people were affected by it (via CBS News).