The Golden Arches are not so shiny today it seems, as the world's biggest fast-food chain, McDonald's, has been hit by an international data breach.
A McDonald's in Seoul.
The company reported today that hackers have stolen data containing employee and restaurant information from its South Korean, Taiwanese, and United States markets. Though it is believed that the data was not sensitive nor personal, it still raises concerns for the future.
According to The Wall Street Journal, the bad actors that infiltrated its systems managed to steal customer and employee information from its businesses in the US, South Korea and Taiwan.
No customer data was stolen in the US, in particular, but the hackers got away with contact information for US employees and franchisees. They also helped themselves to some store information, including seating capacity and the size of play areas.
The company discovered the incident after it hired external consultants to investigate unauthorized activity on an internal security system. McDonald's cut off the unauthorized access a week after it was identified for the three markets, and it credits the increased investment it made in cybersecurity in recent years for being able to launch a quick response. It's worth noting that the investigators also flagged South Africa and Russia, and McDonald's said it will notify those divisions of possible unauthorized access to their information.
"Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures," the fast food giant said in a statement.
McDonald's has also notified some employees in South Africa and Russia about possible data leakage.
However, it is possible that hackers did not access this data as "the number of files exposed was small." Though this data leakage could be cause for concern, it has not interrupted business and McDonald's affirms that this was not a ransomware attack.
While the bad actors made away with some sensitive information, ransomware wasn't involved in this incident unlike in the attacks that hit JBS, Colonial Pipeline and numerous other corporations.