McDonald’s Cyberattack Sees Customer & Employee Data Stolen


Staff Writer

Fast-food giant McDonald’s is the latest victim in a series of cyberattacks targeting high-profile multinational firms. In this incident, early indications suggested hackers stole employee and franchisee data from multiple markets McDonald’s operates in.

McDonald’s initially told its US employees that the hackers obtained some contact information for US-based employees and franchisees, alongside data on certain outlets.

In South Korea and Taiwan, the hackers reportedly stole the names and contact information of delivery customers. In Taiwan, the hackers also obtained the names and contact information of a small number of employees.

There were also concerns the hackers obtained some contact information about employees in South Africa and Russia.

More recent updates from McDonald’s indicate the cyberattack only accessed data in South Korea and Taiwan.

The attack did not interrupt business operations or payment systems. McDonald’s says no ransom was demanded or paid.

In a media statement, McDonald’s said “a small number of files were accessed.” McDonald’s says a specific instance of unauthorised activity on an internal security system was quickly identified and cut off. The hamburger giant attributes the speedy identification and resolution of the attack to substantial recent cybersecurity upgrades.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defence,” the McDonald’s statement reads. “These tools allowed us to quickly identify and contain recent unauthorized activity on our network.”

Kevin Breen, director of cyber threat research at Immersive Labs, says McDonald’s strong cyber defences and early disclosure helped minimise the damage from the attack.

“Unfortunately, it’s just another day; it’s just another data breach,” Breen says. “It has become almost trendy for attackers to go after these bigger names. What we are seeing is a move toward high impact for the attackers.”

Jonathan Knudsen, Senior Security Strategist at Synopsys Software Integrity Group, says this latest cyberattack is another example demonstrating that every organisation is a software organisation.

“Every organisation in every industry depends on software for critical business function,” Knudsen says. “Consequently, every organisation in every industry must embrace a proactive approach to cybersecurity. Without a security mindset in all parts of the organisation, the risk of disaster is high.”

Jonathan Knudsen says every organisation needs to roll out and operate software with a continual eye on security.

“As software becomes more entrenched in the fabric of society, and as criminals get better at exploiting weak security processes, good security hygiene will become a competitive differentiator. Eventually, organisations will see software security not as a cost centre or hurdle but as an enabler to a faster, more efficient, less risky future.”

McDonald’s says it is working with external agencies and consultants in the wake of the cyberattack. The company says it will continue to increase cybersecurity measures.

“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.”