It has been reported by The Wall Street Journal that the fast-food giant McDonald’s has become the latest company to have private information stolen by a third party. McDonald’s claims that, in contrast to recent attacks on CNA Financial and the Colonial Pipeline, it is not dealing with ransomware; however, store information in the United States, as well as some customer information in South Korea and Taiwan, has been stolen from the company.
According to McDonald’s, the company discovered the data breach after hiring consultants to “investigate unauthorized activity on an internal security system,” as the Journal reports. In the United States, the information accessed included franchise business contact information, store seating capacity, and the square footage of play areas. McDonald’s subsidiaries in South Korea and Taiwan “had customer personal data accessed,” and the company “will be taking steps to notify regulators and customers listed in these files,” according to a statement provided to The Verge. McDonald’s emphasized that “no customer payment information was contained in these files,” according to the company.
Despite the data breach, McDonald’s claims that business operations were not disrupted, and that “in the coming days, few other additional markets will take action to address files that stored employee private data.” and According to the Wall Street Journal, these other markets include South Africa and Russia, both of which were identified during the initial investigation conducted by the security consultants.
It’s true that a breach of non-payment data from a restaurant chain like McDonald’s is not as catastrophic as someone stealing credit card information or shutting down one of the world’s largest beef suppliers, but it’s yet another example of how large corporations make large, frequently easy targets for hackers.