Skip to Content
Global News Select

McDonald's Hit by Data Breach in South Korea, Taiwan

By Heather Haddon 

McDonald's Corp. said hackers stole some customer and employee data from its systems in markets including South Korea and Taiwan, in another example of cybercriminals infiltrating high-profile global companies.

The burger chain said Friday that it recently hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off in a week. The investigators discovered that company data had been breached in markets including South Korea and Taiwan, McDonald's said.

The company said customer and personal-employee data in the U.S. weren't compromised in the attack.

Attackers stole customer emails, phone numbers and addresses for delivery customers in South Korea and Taiwan, the company said. In Taiwan, hackers also stole employee information including names and contact information, McDonald's said. The company said the number of files exposed was small without disclosing the number of people affected. The breach didn't include customer payment information, McDonald's said.

McDonald's said that its divisions in South Korea and Taiwan notified regulators in Asia of the breach Friday, and that they would contact customers and employees. The company said its divisions would also notify some employees in South Africa and Russia of possible unauthorized access to their information. The investigation had flagged those countries as well.

McDonald's said that business at its restaurants wasn't disrupted by the breach and that it didn't involve a ransomware attack, in which hackers demand payment to return control of data and operations to companies. McDonald's said it wasn't asked for ransom, nor did it make any payment to the hackers.

Prominent ransomware attacks in recent months have disrupted operations at institutions and companies deeply embedded in U.S. civic and commercial life, including hospitals, transport systems, pipelines and meat companies. Some companies including Colonial Pipeline Co. and the U.S. operations of meat company JBS SA have said they paid hackers to regain full control of their data and operations.

McDonald's said that it has increased investment in cybersecurity defenses in recent years, and that those tools helped it respond to the recent attack. The company said it cut off hackers' access to data soon after the breach was identified.

"McDonald's will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures," the company said.

Write to Heather Haddon at heather.haddon@wsj.com

 

(END) Dow Jones Newswires

June 11, 2021 08:14 ET (12:14 GMT)

Copyright (c) 2021 Dow Jones & Company, Inc.

Transparency is how we protect the integrity of our work and keep empowering investors to achieve their goals and dreams. And we have unwavering standards for how we keep that integrity intact, from our research and data to our policies on content and your personal data.

We’d like to share more about how we work and what drives our day-to-day business.

We sell different types of products and services to both investment professionals and individual investors. These products and services are usually sold through license agreements or subscriptions. Our investment management business generates asset-based fees, which are calculated as a percentage of assets under management. We also sell both admissions and sponsorship packages for our investment conferences and advertising on our websites and newsletters.

How we use your information depends on the product and service that you use and your relationship with us. We may use it to:

  • Verify your identity, personalize the content you receive, or create and administer your account.
  • Provide specific products and services to you, such as portfolio management or data aggregation.
  • Develop and improve features of our offerings.
  • Gear advertisements and other marketing efforts towards your interests.

To learn more about how we handle and protect your data, visit our privacy center.

Maintaining independence and editorial freedom is essential to our mission of empowering investor success. We provide a platform for our authors to report on investments fairly, accurately, and from the investor’s point of view. We also respect individual opinions––they represent the unvarnished thinking of our people and exacting analysis of our research processes. Our authors can publish views that we may or may not agree with, but they show their work, distinguish facts from opinions, and make sure their analysis is clear and in no way misleading or deceptive.

To further protect the integrity of our editorial content, we keep a strict separation between our sales teams and authors to remove any pressure or influence on our analyses and research.

Read our editorial policy to learn more about our process.