McDonald's Suffers Data Breach

Dismas · 06-12-2021, 07:52 AM

McDonald's suffered a data breach. Seems to be mostly customer/employee information.

Quote:McDonald's, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan.

As the world's global foodservice retailer, McDonald's serves almost hundreds of millions of customers every day in more than 39,000 locations in over 100 countries, including roughly 14,000 restaurants in the US alone.

Today, the company said that threat actors breached its systems in multiple markets worldwide, as discovered following an investigation conducted by external security consultants.

McDonald's also told US employees that the attackers could only steal business contact info belonging to US employees and franchises that wasn't personal or sensitive, as first reported by WSJ.

The threat actors also stole personal information (including names, emails, phone numbers, and addresses) from customers in South Korea and Taiwan,

However, the number of customer documents exposed in the incident was small, and the breach did not impact customers' payment info in any way.

Read More: https://www.bleepingcomputer.com/news/se...oyee-info/

mothered · 06-12-2021, 10:48 AM

Quote:McDonald's also told US employees that the attackers could only steal business contact info belonging to US employees and franchises that wasn't personal or sensitive

It becomes sensitive If an attacker uses the Information to play the role of the employee on a business level, then social engineer another branch by verifying himself, and gain access to restricted data.

Having a given & family name, employee title and the branch number, Is sometimes enough to successfully manipulate In the above capacity.

404errorist · 06-12-2021, 12:23 PM

SO the incident involves US, South Korea, and Taiwan, yet they could only access the private information of employees outside of the US?

My questions are:
- The company data from the US seems to largely be safe (or so they say), why was the same level of security deployed company wide? What do they do here in the United States that they don't do in Asia?

Personally, this is either designed to make it appear so, but based on who was attacked, this was either China or Russia, once again.

Boudica · 06-13-2021, 02:26 PM

(06-12-2021, 12:23 PM)404errorist Wrote: SO the incident involves US, South Korea, and Taiwan, yet they could only access the private information of employees outside of the US?

My questions are:
- The company data from the US seems to largely be safe (or so they say), why was the same level of security deployed company wide? What do they do here in the United States that they don't do in Asia?

Personally, this is either designed to make it appear so, but based on who was attacked, this was either China or Russia, once again.

In all honesty, having different security practices in different regions even under the same company is pretty common practice. You would think the highest level of security available would be utilised everywhere, but that's so rarely the case. Some of this is down to services and infrastructure available in those countries, therefore requiring different ways of storing data, and processes and systems that use it. I wonder if that's what has happened here.

d4ggm4sk · 06-13-2021, 08:30 PM

I am probably part of this data breach, since Ive hacked over 10.000+ McDonalds account with openbullet haha.

Dismas · 06-14-2021, 12:08 AM

(06-13-2021, 08:30 PM)d4ggm4sk Wrote: I am probably part of this data breach, since Ive hacked over 10.000+ McDonalds account with openbullet haha.

Okay Hamburglar.

mothered · 06-14-2021, 05:24 AM

(06-13-2021, 02:26 PM)Boudica Wrote: You would think the highest level of security available would be utilised everywhere, but that's so rarely the case. Some of this is down to services and infrastructure available in those countries

Absolutely.

Cost Is another significant factor.

Boudica · 06-14-2021, 05:17 PM

(06-14-2021, 12:08 AM)Dismas Wrote:
(06-13-2021, 08:30 PM)d4ggm4sk Wrote: I am probably part of this data breach, since Ive hacked over 10.000+ McDonalds account with openbullet haha.

Okay Hamburglar.

Such big dreams his parents must have had for him...

(06-14-2021, 05:24 AM)mothered Wrote:
(06-13-2021, 02:26 PM)Boudica Wrote: You would think the highest level of security available would be utilised everywhere, but that's so rarely the case. Some of this is down to services and infrastructure available in those countries
Absolutely.

Cost Is another significant factor.

I'm not sure how I forgot to even consider cost - Especially as that's probably the main one lol. You're right!

mothered · 06-15-2021, 03:46 AM

(06-14-2021, 05:17 PM)Boudica Wrote: I'm not sure how I forgot to even consider cost - Especially as that's probably the main one lol. You're right!

It's easily overlooked.

Sadly, some entities who well and truly have funds to Implement changes, do not apply them due to complacency and the like.

Boudica · 06-15-2021, 07:43 AM

(06-15-2021, 03:46 AM)mothered Wrote:
(06-14-2021, 05:17 PM)Boudica Wrote: I'm not sure how I forgot to even consider cost - Especially as that's probably the main one lol. You're right!
It's easily overlooked.

Sadly, some entities who well and truly have funds to Implement changes, do not apply them due to complacency and the like.

"Sorry shareholder/major investor, we won't be upping your takeaway this month because we want to implement very expensive new security measures for an attack that hasn't happened yet."

You can see how it takes some convincing, but the convincing ought to win!

McDonald's Suffers Data Breach
Author Message