Hamburgled: Third Party Breach Spills Customer Data From McDonald’s, Others

UPDATEMcDonald’s has served billions of hamburgers, but thousands of those customers may be regretting their patronage, after the fast food giant acknowledged that contact information for an unknown number of customers was stolen from a third party e-mail marketing firm it uses.

McDonalds leak

UPDATE

McDonald’s has served billions of hamburgers, but thousands of those customers may be regretting their patronage, after the fast food giant acknowledged that contact information for an unknown number of customers was stolen from a third party e-mail marketing firm it uses.

McDonald’s said customer contact information including customer names, phone numbers, postal address, and email addresses were taken by unknown hackers who breached a database used to coordinate online marketing campaigns. The breach may be linked to a string of similar incidents at large retailers, according to published reports.

The breach only affects consumers who chose to subscribe to the McDonald’s email list or submit information to one of their affiliate websites during an unspecified online promotion. McDonald’s is attempting to notify those affected by sending emails to the compromised addresses, the company said in a statement. Sensitive financial information, the social security and credit card numbers of the consumers were not disclosed, the company said.

Published reports have pointed the finger at email marketer Silverpop Systems, which has been linked to breaches of customer data affecting DeviantArt, Walgreens and other firms. However, McDonald’s has not confirmed those reports.

In an email, the Manager of Corporate communications at Silverpop Systems, Stacy Kirk, cited Silverpop’s official statement that they recently detected suspicious activity in a small number of their accounts, saying Silverpop was among several technology providers targeted as part of a broader cyber-attack. While she was unable to offer a detailed commentary on the attack because of an ongoing investigation, she did say that Silverpop changed all account passwords to protect customer information, engaged the FBI’s cybercrime division, and notified all customers impacted by the attack. 

Data breaches have dominated the news in recent weeks. Whistleblower site Wikileaks has been at the center of a maelstrom of international attention after it began publishing confidential diplomatic cables taken from the U.S. Military’s classified information network. Over the weekend, online media network Gawker Media disclosed that a massive breach of its systems had thrown the e-mail addresses of millions of readers as well as sensitive internal communications into the public domain.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.