It has been reported that McDonald’s, the world’s largest burger chain, has suffered a data breach today. Locations in South Korea and Taiwan have had data exposed including some customer and employee information, making it the latest global company to be targeted by cybercriminals. It is also believed U.S. operations have also been impacted.

The attackers accessed e-mails, phone numbers and delivery addresses, but the breach did not include customer payment information, the company said.

The details of the breach in the two regions were the result of an investigation by external consultants following an unauthorized activity on the company’s network.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” McDonald’s said in s statement.

Notify of
9 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
June 14, 2021 11:16 am

<p>Details about the breach are sparse at the moment, but it\’s commendable that the security team at McDonalds was able to detect anomalous activity and investigation was carried out and discovered the breach. With many criminals spending weeks, if not months within organisations to exfiltrate data, understand the network, and often deploy ransomware; being able to detect and respond to this intrusion before it became a much larger incident highlights the value in having a robust layered security capability.</p>

Last edited 1 year ago by Javvad Malik
Nikos Mantas
Nikos Mantas , Incident Response Expert
InfoSec Expert
June 14, 2021 11:17 am

<p>Not a week goes by recently without another major organisation falling victim to cyberattack. The rise in attacks indicates need for organisations to practice cyber-resilience and take steps to mitigate the risks cyberattacks pose, before they actually happen. Cyberattacks are here to stay, so the only defence today is getting into a post-breach mindset before they happen to limit the negative outcomes such as loss of customer PII, employee information and loss of consumer trust, not to mention substantial regulatory fines for incomliance.</p>

Last edited 1 year ago by Nikos Mantas
Sam Curry
Sam Curry , Chief Security Officer
InfoSec Expert
June 14, 2021 11:19 am

<p>The <span class=\"il\">McDonald</span>\’s data breach is yet another reminder that every minute of everyday threat actors around the world are focused on cybercrime, espionage and data theft. And more and more this activity is state sponsored and run through Russia, China, Iran, North Korea and other countries that harbor cyber terrorists. Make no mistake that while this newest threat doesn\’t appear to involve ransomware, data breaches are occurring more frequently but maybe with fewer headlines because of the Colonial Pipeline, JBS and SolarWinds attacks.</p> <p> </p> <p>The recouping of more than $2 million by the FBI from DarkSide threat actors that carried out the Colonial Pipeline breach sends a clear message to the criminals that you are not immune to repercussions. Hopefully, the actors behind the <span class=\"il\">McDonald</span>\’s data breach feel the pressure from law enforcement agencies and we find out where they are located and bring them to justice. Ransomware gangs and cyber-crime syndicates are in a sense startups with their own venture capital and business models, but they must continue to be treated like the criminals they are and not glorified for breaking the law and causing disruptions around the world.</p> <p> </p> <p>The silver lining appears to be that <span class=\"il\">McDonald</span>\’s has admitted increasing its investments in cybersecurity defense and the data breach was discovered early enough to shut off access to critical corporate data, customer data and maybe even the recipe for the secret sauce used in <span class=\"il\">McDonald</span>\’s iconic Big Mac. Kudos to <span class=\"il\">McDonald</span>\’s for being transparent and we look forward to hearing more from them as they can be seen as the hero in this situation if they prevent future data breaches and share some of their playbook with the industry to help other companies from being victimized. Having a post breach mindset is critical in combating cyber risks to businesses. You must assume the threat actors will get in, because they eventually will, and stop them quickly and push them out of networks.</p> <p> </p> <p>With next week\’s Biden/Putin summit in Geneva taking place, will a photo opp between the two leaders and a joint press conference lead to agreements to reign in the threat actors Putin harbors in Russia and other world leaders do in Eastern European countries? The answer is unequivocally no. Actions speak louder than words and over the next 6-12 months if substantial progress is made on identifying the safe havens where numerous threat actors operate out of in Russia and other Eastern European countries, then we will know that the discussions in Geneva worked. If it\’s just more of the same and the ransomware pandemic worsens, data breaches continue to increase, then we\’ll know that it\’s more of the same type of cyber saber rattling that has been going on between countries for more than 20 years.</p>

Last edited 1 year ago by Sam Curry
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
InfoSec Expert
June 14, 2021 11:22 am

<p>This recent data breach of <span class=\"il\">McDonald</span>’s shows how critical it is for organisations to recognise that security is a matter of when, not if, and we should all take steps to implement a secure baseline – recognition really is the first step. </p> <p> </p> <p>Fortunately, there is no need to re-invent the wheel of your own security program. Start by aligning with the UK Government’s guidelines. Think of it as an ongoing program rather than a project as well. Security should be embedded within the culture, and although most businesses are not likely to suffer highly sophisticated attacks, it’s important to keep updated as the landscape shifts. For example, phishing has become increasingly popular and will likely impact employees and franchisees of <span class=\"il\">McDonald</span>\’s in the coming months now that their contact information is out in the open. The benefit of a holistic approach to cyber is not only that you can worry less but the next time a customer asks about your security, you can answer with confidence you’re on top of it.</p>

Last edited 1 year ago by Jamie Akhtar
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
June 14, 2021 11:23 am

<p>It sounds as if <span class=\"il\">McDonald</span>\’s is being proactive about protecting its data, taking steps to detect data breaches, and quickly making the necessary moves to cut off hacker access once it was detected. The company also appears to be taking steps to better protect itself against future attacks and breaches.</p>

Last edited 1 year ago by Chris Hauk
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
June 14, 2021 11:24 am

<p><span class=\"il\">McDonald</span>\’s customers in Taiwan and South Korea who have given the company their contact information at any point should be on the lookout for phishing emails. Scammers will send emails and texts posing as <span class=\"il\">McDonald</span>\’s or a related company, using personal data from the breach to personalize messages and make them more convincing. These messages will most likely instruct victims to click on a malicious link that either downloads malware or goes to a fake website. The website will ask victims for their login or payment information, which is then stolen by the attackers.</p> <p>Never click on links in unsolicited emails and always verify the sender before responding.</p>

Last edited 1 year ago by Paul Bischoff
Ed Bishop
Ed Bishop , CTO
InfoSec Expert
June 14, 2021 11:26 am

<p>Hackers will be quick to exploit the business contact details exposed in this breach – either simply selling the data on or using the information to send convincing phishing, smishing or vishing attacks to victims of the breach. For example, cybercriminals could send phishing emails to individuals whose contact details were breached, asking them to click a link to update their username and password in the wake of the incident, in order to harvest credentials and gain access to data and systems. In a more advanced attack, the cybercriminal would use the knowledge that the contact has a business email relationship with McDonalds and impersonate the brand to create further legitimacy to the attack. With people\’s phone numbers being exposed too, cybercriminals could make their social engineering campaigns even more convincing by following up their email with a voice phishing – vishing – call. </p> <p> </p> <p>The warning for all McDonald\’s employees and franchisees, then, is to watch out for phishing emails and verify any requests for payments or information with the supposed source via another means of communication before complying with the request. No matter how urgent the message appears, always take a minute to check its legitimacy.</p> <p> </p>

Last edited 1 year ago by Ed Bishop
Tom Garrubba
Tom Garrubba , Senior Director and CISO
InfoSec Expert
June 14, 2021 11:28 am

<p>In the minds of threat actors, everyone is fair game. The onslaught of breaches and other vicious cyber-attacks are not letting up and therefore we must be more diligent in ensuring we do not let our guard down. The legacy mindset of many organization was to stress over defending personally identifiable information of customers and employees (for fears of lawsuits), but we’re also seeing a large uptick in attacks on organizations that don’t appear to involve personal data; infrastructure and other confidential data are now becoming big targets. Organizations must be as diligent in protecting their company’s intellectual property like products, strategies, distribution and supply chains, etc., with the same care they use to protect customer and employee personally identifiable information.</p>

Last edited 1 year ago by Tom Garrubba
Jerome Becquart
InfoSec Expert
June 18, 2021 4:29 pm

<p>Recent data breaches like this have shown that any organization, no matter how large, can be vulnerable to attack without the right cybersecurity infrastructure. It\’s essential for businesses to invest in cybersecurity solutions that contain these kinds of threats and limit their impact on the organization. The first step businesses need to take is to re-consider how they authenticate their users and devices. Getting rid of passwords is essential. Organizations instead need to invest in multi-factor authentication to provide trust in their users and strengthen their security perimeter. The second step is to consider the numerous machines and devices connected to their network that could be vulnerable to threats. Enabling technology such as PKI to authenticate these identities will provide an additional layer of security to defend against attacks.</p>

Last edited 1 year ago by Jerome Becquart
Information Security Buzz
Would love your thoughts, please comment.x