The fast food mega chain McDonald’s is the latest company to have private data stolen by a third party, The Wall Street Journal reports. Unlike other recent attacks on CNA Financial and the Colonial Pipeline, McDonald’s claims it isn’t dealing with ransomware, but store information in the US was taken, along with some customer information in South Korea and Taiwan.
The company discovered the data breach after hiring consultants to “investigate unauthorized activity on an internal security system” McDonald’s tells the Journal. In the US, the data accessed included business contact information for franchises, the seating capacity of stores, and the square footage of play areas. The South Korean and Taiwanese arms of McDonald’s “had customer personal data accessed” and the company “will be taking steps to notify regulators and customers listed in these files,” the company tells The Verge. McDonald’s stressed that “no customer payment information was contained in these files.”
McDonald’s says business operations were not interrupted by the data breach and “in the coming days, a few additional markets will take steps to address files that contained employee personal data.” The Wall Street Journal writes these other markets include South Africa and Russia, which were both flagged in the security consultants’ initial investigation.
A breach of non-payment data from a restaurant chain like McDonald’s is not as catastrophic as someone swiping credit cards or shutting down one of the world’s largest beef suppliers, but it’s yet another example of how large corporations also make large, frequently easy targets for hackers.