McDonald’s acknowledges a data breach in Asia

The company said it quickly closed access after some customer data in Korea and Taiwan was compromised.
Photo by Jonathan Maze

McDonald’s on Friday acknowledged that it was the victim of a data breach at some of its restaurants in Asia, though the company said it was quickly able to cut off access and none of its operations were interrupted.

The Chicago-based burger giant said some customers’ personal data was accessed in Korea and Taiwan, though “no customer payment information was contained in these files.” It said it would be contacting those customers in the coming days.

“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company said in a statement. “These tools allowed us to quickly identify and contain recent unauthorized activity on our network. A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”

Routine data breaches have become a concern again in light of some high-profile problems—notably the ransomware attack on the meat producer JBS. While the McDonald’s breach was not remotely on that level, and was not a ransomware attack, it shows that criminals are still targeting restaurants and their operators in a bid to get at consumer data.

“The recent McDonald’s data breach shows that restaurants and franchisees are becoming an increasing target for cyberattacks,” John McClurg, senior vice president and chief information security officer with BlackBerry, said in a statement. “Cybercriminals are becoming better at pinpointing small gaps in a security infrastructure, no matter the location or entry point. It’s not enough to only protect the front door of our operations. Criminals are becoming more adept at finding any way in.”

McDonald’s said that a “small number of files were accessed, some of which contained personal data.” No customer payment information was contained in the files, the company said. McDonald’s also said it would take steps to address files that contained employee personal data in a few additional markets.

“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said.
