The specifics of the data leak have not been revealed.
Customer information from the US was not exposed, however, information from South Korea and Taiwan was. Personnel data, such as names and contact information, was also lost in Taiwan as a result of the assault. According to the Wall Street Journal, the breach includes U.S. employee contact information, franchisee information, and restaurant information such as seating capacity and square area.
“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data”, said McDonald’s. According to the corporation, the attack was identified as a result of the burger chain’s major investment in cybersecurity processes.
As reported by Softpedia a spokesperson told CNN Business that, “These tools allowed us to quickly identify and contain recent unauthorized activity on our network”. McDonald’s, on the other hand, would not declare a data breach if its cybersecurity safeguards were robust. It’s a strange flip of phrase to say that a data leak is an indicator of efficient cybersecurity. Although there is no proof that ransomware was utilized, data from three distinct countries was taken, and many assaults were carried out.
The data hack, according to Kate Kuehn, senior vice president of application relationship management company vArmour Networks Inc, is a stark reminder that all businesses must assume they have already been compromised and embrace a zero-trust defence posture. Companies must respond to and contain an event, and real-time visibility and application relationship management are key to success.
McDonald’s said Friday that its businesses in South Korea and Taiwan alerted Asian regulators of the breach and that they would notify consumers and staff. According to the corporation, its divisions will also alert selected employees in South Africa and Russia of suspected unlawful access to their information. The inquiry had also identified certain countries.
According to McDonald’s, attackers collected customer emails, phone numbers, and addresses from delivery customers in South Korea and Taiwan. According to McDonald’s, hackers obtained employee information in Taiwan, including names and contact information. The business stated that the quantity of data exposed was limited, but did not specify how many persons were affected. The leak did not include any payment information from customers.