McDonald's Corp. said hackers exposed U.S. business information and some customer data in South Korea and Taiwan.
Last week, the burger chain said it had hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified, McDonald’s said. The Wall Street Journal, which first reported the news, says that the company's data was breached in the U.S., South Korea and Taiwan. Data that was reportedly accessed included restaurant information, such as square footage, but not "sensitive or personal" customer or employee data. However, the company asked employees and franchisees to look out for phishing emails and to use discretion when asked for information.
Ed Bishop, co-founder & CTO, Tessian, says, “Hackers will be quick to exploit the business contact details exposed in this breach, either simply selling the data or using the information to send convincing phishing, smishing or vishing attacks to victims of the breach. For example, cybercriminals could send phishing emails to individuals whose contact details were breached, asking them to click a link to update their username and password in the wake of the incident, in order to harvest credentials and gain access to data and systems. In a more advanced attack, the cybercriminal could use the knowledge that the contact has a business email relationship with McDonald’s and impersonate the brand to create further legitimacy to the attack. With people's phone numbers being exposed too, cybercriminals could make their social engineering campaigns even more convincing by following up their email with a voice phishing — vishing — call."
Bishop adds, "The warning for all McDonald's employees and franchisees, then, is to watch out for phishing emails and verify any requests for payments or information with the supposed source via another means of communication before complying with the request. No matter how urgent the message appears, always take a minute to check its legitimacy.”
McDonald’s said attackers stole customer emails, phone numbers and addresses for delivery customers in South Korea and Taiwan. In Taiwan, hackers also stole employee information including names and contact information, McDonald’s said.
In a statement to ABC News, McDonald’s Corporation said, "While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data." The company added that, "In the coming days, a few additional markets will take steps to address files that contained employee personal data."
Richard Blech, CEO, XSOC CORP., says, "This breach like so many of the others, is just plainly unacceptable given the universal awareness now about these cyber-attacks. What this says about the state of US infrastructure is that many of the large US enterprises have clearly not taken the necessary measures to stop these types of breaches. I would expect that we are going to find that there was human error involved somewhere in this McDonald’s breach. And human error is usually the number one culprit. This is where large enterprises and government entities are significantly lacking in their efforts to ensure that they have, across the board, trained all staff and employees of, what should be a required job function, of the best practices and rules of conduct when operating within the network or infrastructure. Additionally, and this is the most surprising, is that there are a plethora of tools and resources to “white hat” hack/test an environment to find all areas of exposure, even where human error could occur and then enterprises would be in position to better prevent breaches and not be put in the position to only reacting, after the fact."