BACKGROUND:

It has been reported that McDonald’s, the world’s largest burger chain, has suffered a data breach today. Locations in South Korea and Taiwan have had data exposed including some customer and employee information, making it the latest global company to be targeted by cybercriminals. It is also believed U.S. operations have also been impacted.

The attackers accessed e-mails, phone numbers and delivery addresses, but the breach did not include customer payment information, the company said.

The details of the breach in the two regions were the result of an investigation by external consultants following an unauthorized activity on the company’s network.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” McDonald’s said in s statement.

Experts Comments

June 18, 2021
Jerome Becquart
COO
Axiad

Recent data breaches like this have shown that any organization, no matter how large, can be vulnerable to attack without the right cybersecurity infrastructure. It's essential for businesses to invest in cybersecurity solutions that contain these kinds of threats and limit their impact on the organization. The first step businesses need to take is to re-consider how they authenticate their users and devices. Getting rid of passwords is essential. Organizations instead need to invest in

.....Read More

Recent data breaches like this have shown that any organization, no matter how large, can be vulnerable to attack without the right cybersecurity infrastructure. It's essential for businesses to invest in cybersecurity solutions that contain these kinds of threats and limit their impact on the organization. The first step businesses need to take is to re-consider how they authenticate their users and devices. Getting rid of passwords is essential. Organizations instead need to invest in multi-factor authentication to provide trust in their users and strengthen their security perimeter. The second step is to consider the numerous machines and devices connected to their network that could be vulnerable to threats. Enabling technology such as PKI to authenticate these identities will provide an additional layer of security to defend against attacks.

  Read Less
June 14, 2021
Tom Garrubba
Senior Director and CISO
Shared Assessments

In the minds of threat actors, everyone is fair game. The onslaught of breaches and other vicious cyber-attacks are not letting up and therefore we must be more diligent in ensuring we do not let our guard down. The legacy mindset of many organization was to stress over defending personally identifiable information of customers and employees (for fears of lawsuits), but we’re also seeing a large uptick in attacks on organizations that don’t appear to involve personal data; infrastructure

.....Read More

In the minds of threat actors, everyone is fair game. The onslaught of breaches and other vicious cyber-attacks are not letting up and therefore we must be more diligent in ensuring we do not let our guard down. The legacy mindset of many organization was to stress over defending personally identifiable information of customers and employees (for fears of lawsuits), but we’re also seeing a large uptick in attacks on organizations that don’t appear to involve personal data; infrastructure and other confidential data are now becoming big targets. Organizations must be as diligent in protecting their company’s intellectual property like products, strategies, distribution and supply chains, etc., with the same care they use to protect customer and employee personally identifiable information.

  Read Less
June 14, 2021
Ed Bishop
CTO
Tessian

Hackers will be quick to exploit the business contact details exposed in this breach - either simply selling the data on or using the information to send convincing phishing, smishing or vishing attacks to victims of the breach. For example, cybercriminals could send phishing emails to individuals whose contact details were breached, asking them to click a link to update their username and password in the wake of the incident, in order to harvest credentials and gain access to data and

.....Read More

Hackers will be quick to exploit the business contact details exposed in this breach - either simply selling the data on or using the information to send convincing phishing, smishing or vishing attacks to victims of the breach. For example, cybercriminals could send phishing emails to individuals whose contact details were breached, asking them to click a link to update their username and password in the wake of the incident, in order to harvest credentials and gain access to data and systems. In a more advanced attack, the cybercriminal would use the knowledge that the contact has a business email relationship with McDonalds and impersonate the brand to create further legitimacy to the attack. With people's phone numbers being exposed too, cybercriminals could make their social engineering campaigns even more convincing by following up their email with a voice phishing - vishing - call. 

 

The warning for all McDonald's employees and franchisees, then, is to watch out for phishing emails and verify any requests for payments or information with the supposed source via another means of communication before complying with the request. No matter how urgent the message appears, always take a minute to check its legitimacy.

 

  Read Less
June 14, 2021
Paul Bischoff
Privacy Advocate
Comparitech

McDonald's customers in Taiwan and South Korea who have given the company their contact information at any point should be on the lookout for phishing emails. Scammers will send emails and texts posing as McDonald's or a related company, using personal data from the breach to personalize messages and make them more convincing. These messages will most likely instruct victims to click on a malicious link that either downloads malware or goes to a fake website. The website will ask victims for

.....Read More

McDonald's customers in Taiwan and South Korea who have given the company their contact information at any point should be on the lookout for phishing emails. Scammers will send emails and texts posing as McDonald's or a related company, using personal data from the breach to personalize messages and make them more convincing. These messages will most likely instruct victims to click on a malicious link that either downloads malware or goes to a fake website. The website will ask victims for their login or payment information, which is then stolen by the attackers.

Never click on links in unsolicited emails and always verify the sender before responding.

  Read Less
June 14, 2021
Chris Hauk
Consumer Privacy Champion
Pixel Privacy

It sounds as if McDonald's is being proactive about protecting its data, taking steps to detect data breaches, and quickly making the necessary moves to cut off hacker access once it was detected. The company also appears to be taking steps to better protect itself against future attacks and breaches.

June 14, 2021
Jamie Akhtar
CEO and Co-founder
CyberSmart

This recent data breach of McDonald’s shows how critical it is for organisations to recognise that security is a matter of when, not if, and we should all take steps to implement a secure baseline - recognition really is the first step. 

 

Fortunately, there is no need to re-invent the wheel of your own security program. Start by aligning with the UK Government’s guidelines. Think of it as an ongoing program rather than a project as well. Security should be embedded within the culture, and

.....Read More

This recent data breach of McDonald’s shows how critical it is for organisations to recognise that security is a matter of when, not if, and we should all take steps to implement a secure baseline - recognition really is the first step. 

 

Fortunately, there is no need to re-invent the wheel of your own security program. Start by aligning with the UK Government’s guidelines. Think of it as an ongoing program rather than a project as well. Security should be embedded within the culture, and although most businesses are not likely to suffer highly sophisticated attacks, it’s important to keep updated as the landscape shifts. For example, phishing has become increasingly popular and will likely impact employees and franchisees of McDonald's in the coming months now that their contact information is out in the open. The benefit of a holistic approach to cyber is not only that you can worry less but the next time a customer asks about your security, you can answer with confidence you’re on top of it.

  Read Less
June 14, 2021
Sam Curry
Chief Security Officer
Cybereason

The McDonald's data breach is yet another reminder that every minute of everyday threat actors around the world are focused on cybercrime, espionage and data theft. And more and more this activity is state sponsored and run through Russia, China, Iran, North Korea and other countries that harbor cyber terrorists. Make no mistake that while this newest threat doesn't appear to involve ransomware, data breaches are occurring more frequently but maybe with fewer headlines because of the Colonial

.....Read More

The McDonald's data breach is yet another reminder that every minute of everyday threat actors around the world are focused on cybercrime, espionage and data theft. And more and more this activity is state sponsored and run through Russia, China, Iran, North Korea and other countries that harbor cyber terrorists. Make no mistake that while this newest threat doesn't appear to involve ransomware, data breaches are occurring more frequently but maybe with fewer headlines because of the Colonial Pipeline, JBS and SolarWinds attacks.

 

The recouping of more than $2 million by the FBI from DarkSide threat actors that carried out the Colonial Pipeline breach sends a clear message to the criminals that you are not immune to repercussions. Hopefully, the actors behind the McDonald's data breach feel the pressure from law enforcement agencies and we find out where they are located and bring them to justice. Ransomware gangs and cyber-crime syndicates are in a sense startups with their own venture capital and business models, but they must continue to be treated like the criminals they are and not glorified for breaking the law and causing disruptions around the world.

 

The silver lining appears to be that McDonald's has admitted increasing its investments in cybersecurity defense and the data breach was discovered early enough to shut off access to critical corporate data, customer data and maybe even the recipe for the secret sauce used in McDonald's iconic Big Mac. Kudos to McDonald's for being transparent and we look forward to hearing more from them as they can be seen as the hero in this situation if they prevent future data breaches and share some of their playbook with the industry to help other companies from being victimized. Having a post breach mindset is critical in combating cyber risks to businesses. You must assume the threat actors will get in, because they eventually will, and stop them quickly and push them out of networks.

 

With next week's Biden/Putin summit in Geneva taking place, will a photo opp between the two leaders and a joint press conference lead to agreements to reign in the threat actors Putin harbors in Russia and other world leaders do in Eastern European countries? The answer is unequivocally no. Actions speak louder than words and over the next 6-12 months if substantial progress is made on identifying the safe havens where numerous threat actors operate out of in Russia and other Eastern European countries, then we will know that the discussions in Geneva worked. If it's just more of the same and the ransomware pandemic worsens, data breaches continue to increase, then we'll know that it's more of the same type of cyber saber rattling that has been going on between countries for more than 20 years.

  Read Less
June 14, 2021
Nikos Mantas
Incident Response Expert
Obrela Security Industries

Not a week goes by recently without another major organisation falling victim to cyberattack. The rise in attacks indicates need for organisations to practice cyber-resilience and take steps to mitigate the risks cyberattacks pose, before they actually happen. Cyberattacks are here to stay, so the only defence today is getting into a post-breach mindset before they happen to limit the negative outcomes such as loss of customer PII, employee information and loss of consumer trust, not to mention

.....Read More

Not a week goes by recently without another major organisation falling victim to cyberattack. The rise in attacks indicates need for organisations to practice cyber-resilience and take steps to mitigate the risks cyberattacks pose, before they actually happen. Cyberattacks are here to stay, so the only defence today is getting into a post-breach mindset before they happen to limit the negative outcomes such as loss of customer PII, employee information and loss of consumer trust, not to mention substantial regulatory fines for incomliance.

  Read Less
June 14, 2021
Javvad Malik
Security Awareness Advocate
KnowBe4

Details about the breach are sparse at the moment, but it's commendable that the security team at McDonalds was able to detect anomalous activity and investigation was carried out and discovered the breach. With many criminals spending weeks, if not months within organisations to exfiltrate data, understand the network, and often deploy ransomware; being able to detect and respond to this intrusion before it became a much larger incident highlights the value in having a robust layered security

.....Read More

Details about the breach are sparse at the moment, but it's commendable that the security team at McDonalds was able to detect anomalous activity and investigation was carried out and discovered the breach. With many criminals spending weeks, if not months within organisations to exfiltrate data, understand the network, and often deploy ransomware; being able to detect and respond to this intrusion before it became a much larger incident highlights the value in having a robust layered security capability.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.