Thereâ€™s quite the buzz surrounding Gawker Media at the moment. We have been reporting on the incidents from the start, breaking news of the website hacks, analysing the subsequent publishing of data and the related Twitter spam attack on compromised Gawker accounts.
There was another hack that didnâ€™t quite make the headlines, occuring on Friday but only coming to light as of now. It appears that late on Friday, McDonaldâ€™s was subject to an attack by hackers, with email addresses and phone numbers, amongst other data, compromised.
McDonaldâ€™s immediately sent an email to customers notifying them of the potential data breach, warning them to be wary of any further contact from the fast food retailer asking for personal or financial data. It started as follows:
Dear Valued McDonaldâ€™s Customer,
Our records indicate you previously elected to submit information to McDonaldâ€™s in connection with one of our websites or promotions. We wanted to let you know there is a possibility that the limited information you provided to McDonaldâ€™s through its websites or promotions was improperly accessed by an unauthorized third party.
The breach wasÂ identifiedÂ by one of McDonaldâ€™s partners, Arc Worldwide, who notified the restaurant chain that data it collected via McDonaldâ€™s websites and promotions was now in the hands of anÂ unauthorisedÂ third party.
The full email can be found on the McDonalds website, which notes thatÂ â€ťinformation required to confirm your age, a method to contact you (such as name, mobile phone number, and postal address and/or email address), and other general preference informationâ€ť.
It is not known how many customer records were compromised in the hacking but we expect the number will be well into the thousands. Many customers register for coupons and other related promotions via its website.
The websites affected by the breach were:
This leads us to think that data is limited to customers based in North America, although this is not confirmed.
McDonaldâ€™s released a statement to the media, which was picked up by the Orange County Register:
â€śIt is important to note that the information in the database did not include Social Security Numbers, credit card numbers, or any sensitive financial information. The incident has resulted in an investigation by law enforcement authorities. Arc and McDonaldâ€™s are cooperating with the appropriate authorities as we work to protect our valued customers.
We are also working with Arc and their database management firm to understand how the security was bypassed. We take the security of our customer information very seriously, and we will continue to cooperate with the investigation and with the appropriate authorities.â€ť
Did you receive an email from McDonalds over the weekend? Let us know in the comments.