This article was published on December 13, 2010

Like Gawker, McDonalds targeted by hackers.


Like Gawker, McDonalds targeted by hackers.

There’s quite the buzz surrounding Gawker Media at the moment. We have been reporting on the incidents from the start, breaking news of the website hacks, analysing the subsequent publishing of data and the related Twitter spam attack on compromised Gawker accounts.

There was another hack that didn’t quite make the headlines, occuring on Friday but only coming to light as of now. It appears that late on Friday, McDonald’s was subject to an attack by hackers, with email addresses and phone numbers, amongst other data, compromised.

McDonald’s immediately sent an email to customers notifying them of the potential data breach, warning them to be wary of any further contact from the fast food retailer asking for personal or financial data. It started as follows:

Dear Valued McDonald’s Customer,

Our records indicate you previously elected to submit information to McDonald’s in connection with one of our websites or promotions. We wanted to let you know there is a possibility that the limited information you provided to McDonald’s through its websites or promotions was improperly accessed by an unauthorized third party.

The breach was identified by one of McDonald’s partners, Arc Worldwide, who notified the restaurant chain that data it collected via McDonald’s websites and promotions was now in the hands of an unauthorised third party.

The full email can be found on the McDonalds website, which notes that “information required to confirm your age, a method to contact you (such as name, mobile phone number, and postal address and/or email address), and other general preference information”.

It is not known how many customer records were compromised in the hacking but we expect the number will be well into the thousands. Many customers register for coupons and other related promotions via its website.

The websites affected by the breach were:

  • McDonalds.com
  • 365Black.com
  • McDonalds.ca
  • mcdonaldsmom.com
  • mcdlive.com
  • monopoly.com
  • playatmcd.com
  • meencanta.com

This leads us to think that data is limited to customers based in North America, although this is not confirmed.

McDonald’s released a statement to the media, which was picked up by the Orange County Register:

“It is important to note that the information in the database did not include Social Security Numbers, credit card numbers, or any sensitive financial information. The incident has resulted in an investigation by law enforcement authorities. Arc and McDonald’s are cooperating with the appropriate authorities as we work to protect our valued customers.

We are also working with Arc and their database management firm to understand how the security was bypassed. We take the security of our customer information very seriously, and we will continue to cooperate with the investigation and with the appropriate authorities.”

Did you receive an email from McDonalds over the weekend? Let us know in the comments.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top