“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” a McDonald’s spokesperson said, adding that based on the company’s investigation so far, only Korean and Taiwanese customers were impacted.
The Wall Street Journal initially reported that U.S. markets were also impacted and that the breach exposed some U.S. business and employee contact information.
Those markets “will be taking steps to notify regulators and customers listed in these files,” which did not include customer payment information, the McDonald’s spokesperson said.
“McDonald’s understands the importance of effective security measures to protect the information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the spokesperson said.
The fast-food chain said it was able to “quickly identify and contain” threats on its network. It also conducted a “thorough investigation” and worked with “experienced third parties” to do so.
McDonald’s did not share any additional details about the breach.
Kevin Breen, director of cyber threat research at cybersecurity company Immersive Labs, told FOX Business that McDonald’s likely has a strong internal cybersecurity team and worked with effective third parties to limit the extent of the breach and disclose information to the public early.
Breen added that while McDonald’s has not mentioned any kind of financial motivation or ransom demand behind the threat actors that attacked its networks, hackers across the board appear to be targetting large companies that rely on and serve a large number of customers so that they have a greater impact.
“Unfortunately…it’s just another day. It’s just another data breach,” Breen said when asked for his initial reaction to the McDonald’s attack.
“It has become almost trendy for attackers to go after these bigger names,” he explained. “What we are seeing is a move toward high impact for the attackers. From the attackers’ perspective, if they are financially motivated in their attacks, they need the impact to force the organization into paying, and if you can affect the people, the [company] is more likely to pay, and we saw that with Colonial.”
He added that with all of the recent, large-scale cyberattacks, “it’s hard to know whether the attackers are increasing their frequency or whether we as a community and the media are reporting more [frequently] on it.”
The Biden administration in May said it planned to launch a task force aimed at cracking down on hackers responsible for ransomware attacks after the Colonial attack.
Breen said this effort by the president also brings new light to the issue and encourages more companies and organizations to disclose details of cyberattacks to the public.