Story at a glance
- McDonald’s issued a letter to U.S. employees confirming some customer data had been compromised during a cyberattack.
- Most of the compromised customers were based in South Korean and Taiwanese markets.
- McDonald’s said no payment information was subject to the hack, and it will notify affected customers.
The wave of cyberattacks on major U.S. companies has yet to lose momentum, as fast-food giant McDonald’s reported hackers seized some company data from its online system.
McDonald’s corporate officials sent a letter to U.S. employees on Friday, The Wall Street Journal first reported, confirming that it hired external cybersecurity consultants to review unauthorized activity on an internal security system. This was preceded by unauthorized activity detected one week prior to the attack.
Following this most recent hack, some company data had been compromised in the company’s U.S., South Korea and Taiwan markets. The hackers stole customer emails, phone numbers and addresses for delivery, primarily among South Korean and Taiwanese customers.
In a statement, McDonald’s confirmed only a small amount of customer data had been accessed. Officials will take steps to notify those customers, but said no payment information was compromised.
McDonald’s did not disclose how many customers were affected. There was no disruption to normal business operations.
Ransomware, or the demand for payment in order for a company to return to business operations, was not reported.
“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said, adding that it has made “substantial” investment in cybersecurity defense tools.
The iconic American restaurant chain is now added to the list of major corporations that have recently been hit by major cyberattacks, alongside JBS food processing, Colonial Pipeline, and the Steamship Authority of Massachusetts.
Unlike the companies listed, McDonald’s was not forced to pay hackers to regain access to their systems.
In light of these disruptive hacks, President Biden issued an executive order calling for strengthened cybersecurity measures for federal agencies, saying government agencies should work with private sector cybersecurity companies to fortify online government data.
“The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” the order reads.