A data breach at fast food restaurant McDonald's has impacted customers and employees in South Korea and Taiwan and company operations in the United States.
The breach, which was first reported Friday by the Wall Street Journal, was the result of a cyber-attack. Hackers who broke into the computer system of McDonald's Corp. accessed only a small number of files before their intrusion was detected.
During their period of unauthorized access, the cyber-criminals stole personal information belonging to delivery customers in Taiwan and South Korea. Information accessed and pilfered included customer emails, phone numbers and addresses.
Employee information stolen by the hackers included the names and contact information of McDonald's workers in Taiwan. The burger servers said no customer payment details were accessed or stolen in the attack.
McDonald's did not disclose exactly how many files were exposed or the number of people who were affected by the data breach, sharing only that the quantity of files was small.
The data breach was detected by external consultants hired by McDonald's to investigate an incidence of unauthorized activity on an internal security system. Although access was blocked a week after detection, investigators found that company data in three countries had been breached.
In the United States, the hackers were able to access some business contact details for employees and franchisees. They also compromised restaurant data that included seating capacities and the size of play areas measured in square feet.
McDonald's said no data belonging to US customers was affected and that the exposed employee information did not include any personal or sensitive data.
Regulators in Asia were notified of the breach on Friday by the McDonald's division in South Korea and Taiwan. The company said it will notify impacted customers and employees.
“Hackers will be quick to exploit the business contact details exposed in this breach, either simply selling the data or using the information to send convincing phishing, smishing or vishing attacks to victims of the breach," commented Tessian CTO & co-founder Ed Bishop.
"The warning for all McDonald's employees and franchisees, then, is to watch out for phishing emails and verify any requests for payments or information with the supposed source via another means of communication before complying with the request."