McDonald's hit by data breach impacting some customer information in Asia

The burger chain said there was no interruption to operations.

June 11, 2021, 2:02 PM

McDonald's said Friday there was no interruption to its operations after it incurred a data breach that comes amid a concerning string of cyberattacks aimed at high-profile targets.

The company said that it worked with "experienced third parties" to conduct a "thorough investigation" after identifying unauthorized activity on its network.

"While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data," McDonald's Corporation said in a statement to ABC News.

Their investigation found customer personal data in Korea and Taiwan had been accessed by the hackers, but said no files contained customer payment information. The company said that it will be "taking steps to notify regulators and customers listed in these files."

"In the coming days, a few additional markets will take steps to address files that contained employee personal data," McDonald's added in a statement, though it did not disclose which markets were hit by the breach. The Wall Street Journal on Friday reported that the breach disclosed business contact information for U.S. employees and franchisees, citing an internal message to U.S. employees, but that no U.S. customer data or personal employee data was exposed.

PHOTO: Employees of McDonald's serve a BTS meal on May 27, 2021 in Seoul, South Korea.
Employees of McDonald's serve a BTS meal on May 27, 2021 in Seoul, South Korea.
Chung Sung-jun/Getty Images, FILE

"Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures," the company stated.

McDonald's data breach comes after a series of high-profile cybersecurity attacks have rattled business leaders and lawmakers.

Meat-packing giant JBS said earlier this week that it paid $11 million in Bitcoin to the hackers that penetrated its system after it fell victim to a ransomware attack.

Also this week, Colonial Pipeline CEO Joseph Blount was grilled by lawmakers about the ransomware attack on his company that led to a multi-day shutdown of a major East Coast fuel pipeline.

Colonial Pipeline paid some $4.4 million in ransom to the hackers, though the Justice Department later announced it had seized millions back from the criminal group behind the attack.

Related Topics