company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

McDonald

Data breach

loading..
loading..
loading..

MC Donald officially confirmed data breach primarily affecting the South Korea & Taiwan operations

McDonald which had gone through a similar incident relating to online security, where the company discovered a cross-site scripting (XSS) vulnerability...

11-Jun-2021
3 min read

McDonald officially discloses a data breach primarily targeting the operations of South Korea and Taiwan. The biggest global burger chain confirmed that its customers & employee's data were compromised upon the preliminary investigation conducted in collaboration with an external security team to identify the unauthorized activities on its internal network.

Soon after the data breach was detected, the infected system was made offline however, "a small number of files were accessed, some of which contained personal data." Even though McDonald affirmed to the US employees that only the business contact details from US employees and franchises were highly affected, which doesn't include any sensitive or personal details of users or employees, especially the payment credentials of the customers, also based on first news reports by WSJ.

Besides, the stolen data also includes names, emails, phone numbers, and customer addresses from South Korea and Taiwan.

"Based on our investigation, only Korea and Taiwan had customer personal data accessed, and they will be taking steps to notify regulators and customers listed in these files," McDonald mentioned in a statement.

The company is also robustly preparing to address the infected data containing the employee personal credentials effectively and currently informing all the concerned departments, including the targeted customer base, to initiate the needfuls in all the impacted markets.

"McDonald’s understands the importance of effective security measures to protect the information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense. These tools allowed us to identify and contain recent unauthorized activity on our network quickly. A thorough investigation was conducted, and we worked with experienced third parties to support this investigation." — McDonald started.

However, this hasn't been an unprecedented experience, especially for McDonald's, which had gone through a similar incident relating to online security. The company discovered a cross-site scripting (XSS) vulnerability directly affecting the official website and the customer login credentials saved in plain text.

In the recent past, similar to this emerging concerns of a data breach, many other companies were also targeted critically affecting the data at a mass level Electronic Arts (EA), Edward Don, CD Projekt and many more.