It has been reported that McDonald’s, the world’s largest burger chain, has suffered a data breach today. Locations in South Korea and Taiwan have had data exposed including some customer and employee information, making it the latest global company to be targeted by cybercriminals. It is also believed U.S. operations have also been impacted.
The attackers accessed e-mails, phone numbers and delivery addresses, but the breach did not include customer payment information, the company said.
The details of the breach in the two regions were the result of an investigation by external consultants following an unauthorized activity on the company’s network.
“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” McDonald’s said in s statement.
<p>Recent data breaches like this have shown that any organization, no matter how large, can be vulnerable to attack without the right cybersecurity infrastructure. It\’s essential for businesses to invest in cybersecurity solutions that contain these kinds of threats and limit their impact on the organization. The first step businesses need to take is to re-consider how they authenticate their users and devices. Getting rid of passwords is essential. Organizations instead need to invest in multi-factor authentication to provide trust in their users and strengthen their security perimeter. The second step is to consider the numerous machines and devices connected to their network that could be vulnerable to threats. Enabling technology such as PKI to authenticate these identities will provide an additional layer of security to defend against attacks.</p>
<p>In the minds of threat actors, everyone is fair game. The onslaught of breaches and other vicious cyber-attacks are not letting up and therefore we must be more diligent in ensuring we do not let our guard down. The legacy mindset of many organization was to stress over defending personally identifiable information of customers and employees (for fears of lawsuits), but we’re also seeing a large uptick in attacks on organizations that don’t appear to involve personal data; infrastructure and other confidential data are now becoming big targets. Organizations must be as diligent in protecting their company’s intellectual property like products, strategies, distribution and supply chains, etc., with the same care they use to protect customer and employee personally identifiable information.</p>
<p>Hackers will be quick to exploit the business contact details exposed in this breach – either simply selling the data on or using the information to send convincing phishing, smishing or vishing attacks to victims of the breach. For example, cybercriminals could send phishing emails to individuals whose contact details were breached, asking them to click a link to update their username and password in the wake of the incident, in order to harvest credentials and gain access to data and systems. In a more advanced attack, the cybercriminal would use the knowledge that the contact has a business email relationship with McDonalds and impersonate the brand to create further legitimacy to the attack. With people\’s phone numbers being exposed too, cybercriminals could make their social engineering campaigns even more convincing by following up their email with a voice phishing – vishing – call. </p> <p> </p> <p>The warning for all McDonald\’s employees and franchisees, then, is to watch out for phishing emails and verify any requests for payments or information with the supposed source via another means of communication before complying with the request. No matter how urgent the message appears, always take a minute to check its legitimacy.</p> <p> </p>
<p><span class=\"il\">McDonald</span>\’s customers in Taiwan and South Korea who have given the company their contact information at any point should be on the lookout for phishing emails. Scammers will send emails and texts posing as <span class=\"il\">McDonald</span>\’s or a related company, using personal data from the breach to personalize messages and make them more convincing. These messages will most likely instruct victims to click on a malicious link that either downloads malware or goes to a fake website. The website will ask victims for their login or payment information, which is then stolen by the attackers.</p> <p>Never click on links in unsolicited emails and always verify the sender before responding.</p>
<p>It sounds as if <span class=\"il\">McDonald</span>\’s is being proactive about protecting its data, taking steps to detect data breaches, and quickly making the necessary moves to cut off hacker access once it was detected. The company also appears to be taking steps to better protect itself against future attacks and breaches.</p>