McDonald's hit by data breach impacting some customer information in Asia

[Sophia Kingsbury <sophia.kingsbury () riskbasedsecurity com>]

https://abcnews.go.com/Business/mcdonalds-hit-data-breach-impacting-customer-information-asia/story?id=78220152

McDonald's said Friday there was no interruption to its operations after it
incurred a data breach that comes amid a concerning string of cyberattacks
aimed at high-profile targets.

The company said that it worked with "experienced third parties" to conduct
a "thorough investigation" after identifying unauthorized activity on its
network.

"While we were able to close off access quickly after identification, our
investigation has determined that a small number of files were accessed,
some of which contained personal data," McDonald's Corporation said in a
statement to ABC News.

Their investigation found customer personal data in Korea and Taiwan had
been accessed by the hackers, but said no files contained customer payment
information. The company said that it will be "taking steps to notify
regulators and customers listed in these files."

"In the coming days, a few additional markets will take steps to address
files that contained employee personal data," McDonald's added in a
statement, though it did not disclose which markets were hit by the breach.
The Wall Street Journal on Friday reported that the breach disclosed
business contact information for U.S. employees and franchisees, citing an
internal message to U.S. employees, but that no U.S. customer data or
personal employee data was exposed.

"Moving forward, McDonald’s will leverage the findings from the
investigation as well as input from security resources to identify ways to
further enhance our existing security measures," the company stated.

McDonald's data breach comes after a series of high-profile cybersecurity
attacks have rattled business leaders and lawmakers.

Meat-packing giant JBS said earlier this week that it paid $11 million in
Bitcoin to the hackers that penetrated its system after it fell victim to a
ransomware attack.

Also this week, Colonial Pipeline CEO Joseph Blount was grilled by
lawmakers about the ransomware attack on his company that led to a
multi-day shutdown of a major East Coast fuel pipeline.

Colonial Pipeline paid some $4.4 million in ransom to the hackers, though
the Justice Department later announced it had seized millions back from the
criminal group behind the attack.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange