McDonald’s is the latest massive corporation to be hit by a cyberattack. According to The Wall Street Journal, the bad actors that infiltrated its systems managed to steal customer and employee information from its businesses in the US, South Korea, and Taiwan. No customer data was stolen in the US, in particular, but the hackers got away with contact information for US employees and franchisees. They also helped themselves to some store information, including seating capacity and the size of play areas.
However, in South Korea and Taiwan, hackers could steal customer information, including people’s emails, phone numbers, and delivery addresses. Taiwanese employees’ names and contact details were stolen, as well. However, the fast-food chain assured The Journal that no customer payment information was affected in this data breach.
The company discovered the incident after hiring external consultants to investigate unauthorized activity on an internal security system. McDonald’s cut off unauthorized access a week after it was identified for the three markets. It credits the increased investment it made in cybersecurity in recent years to launch a quick response. It’s worth noting that the investigators also flagged South Africa and Russia, and McDonald’s said it would notify those divisions of possible unauthorized access to their information.
“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the fast-food giant said in a statement.
While the bad actors made away with sensitive information, ransomware wasn’t involved in this incident, unlike the attacks that hit JBS, Colonial Pipeline, and numerous other corporations. JBS, one of the biggest meat suppliers in the US, paid an equivalent of $11 million in ransom. Meanwhile, Colonial Pipeline paid its attackers 75 Bitcoins (worth around $4.3 million at the time) after the hack led to fuel shortages across the East Coast. That said, the DOJ could recover 63.7 Bitcoins of the ransom paid by obtaining a private key to the hackers’ wallet.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.