McDonald’s, an American fast-food company, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan.
The burger chain said Friday that it recently hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified, McDonald’s said. The investigators discovered that company data had been breached in markets including the U.S., South Korea, and Taiwan, the company said.
In a message to U.S. employees, McDonald’s said the breach disclosed some business contact information for U.S. employees and franchisees, along with some information about restaurants such as seating capacity and the square footage of play areas.
The company said no customer data was breached in the U.S., and that the employee data exposed wasn’t sensitive or personal. The company advised employees and franchisees to watch for phishing emails and to use discretion when asked for information.
McDonald’s said attackers stole customer emails, phone numbers, and addresses for delivery customers in South Korea and Taiwan. In Taiwan, hackers also stole employee information including names and contact information, McDonald’s said. The company said the number of files exposed was small without disclosing the number of people affected. The breach didn’t include customer payment information, McDonald’s said.
McDonald’s said that it has increased investment in cybersecurity defenses in recent years and that those tools helped it respond to the recent attack. The company said it cut off hackers’ access to data soon after the breach was identified.
“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said.
