McDonald’s has become the latest corporate victim of a cyber attack, with hackers stealing customer and employee data from its systems from the South Korea and Taiwan markets.
The burger chain had shared that it had engaged external consultants to investigate unauthorised activity on its internal security system, prompted by an incident in which the unauthorised access was cut off a week after it was identified.
McDonald’s has clarified that the company data had been breached, it was not a ransomware attack.
The attackers had stolen customer emails, phone numbers, and addresses for delivery customers in South Korea and Taiwan but the breach did not include any customer payment information. Some employee information such as names and contacts were also compromised.
"While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data," McDonald's said in a statement.
The company said that it will take the necessary steps to notify regulators and customers listed in the files.
Jonathan Knudsen, Senior Security Strategist, at Synopsys cautioned that this attack is another example of how every organisation is dependent on software for its critical business functions.
“Consequently, every organisation in every industry must embrace a proactive approach to cybersecurity. Without a security mindset in all parts of the organisation, the risk of disaster is high,” said Knudsen.
“Organisations must recognise, at the highest levels of management, that the software they use every day is a part of their infrastructure, just like office buildings or stores or factories. As such, organisations need to select, deploy, and operate software with an eye toward security at every step.
“As software becomes more entrenched in the fabric of society, and as criminals get better at exploiting weak security processes, good security hygiene will become a competitive differentiator. Eventually, organisations will see software security not as a cost center or hurdle, but as an enabler to a faster, more efficient, less risky future.”
A significant number of breaches in APAC region this year was caused by financially motivated attackers, the largest in compensation amount being a cyberattack on Acer in March this year – where Acer’s customer database with account numbers and credit limits were stolen – and the hackers demanded $50 million in ransom.