McDonald's hacked and customer data stolen

By on December 14, 2010, 3:27 PM
McDonald's servers were recently compromised and hackers were able to get access to customers' e-mail addresses, names, addresses, phone numbers, birth dates, genders, as well as certain information about their promotional preferences and Web information interests. The sites affected were: McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, and meencanta.com.

The restaurant chain is warning customers to be cautious of anyone claiming to be from McDonald's contacting them by phone or e-mail, and asking for personal or financial information, according to The Orange County Register. McDonald's has also set up a FAQ page for affected customers with 13 questions and their corresponding answers. Here are the first two:

1. How was a third party able to improperly access McDonald’s customer data?
Unfortunately, a third party was able to defeat the security measures put in place by the email database management firm to protect the information you provided to us. Law enforcement authorities have been notified and are investigating the matter.

2. What information was contained in McDonald’s customer database that was improperly accessed?
The information contained in the database is limited to your email address and potentially also your name, postal address, home or cell phone number, birth date, gender, and certain information about your promotional preferences or web information interests. This is information you provided when you signed up or subscribed. The database did not contain Social Security Numbers, credit card numbers or any sensitive financial information, since McDonald’s did not collect this information.

McDonald's did not disclose how many people were impacted by the hack. The company is working with Arc Worldwide, who manages the data collection for McDonald's, to find out how their security system was bypassed and how such attacks can be prevented in the future.

"It is important to note that the information in the database did not include Social Security Numbers, credit card numbers, or any sensitive financial information," a McDonald's spokesperson said in a statement. "The incident has resulted in an investigation by law enforcement authorities. Arc and McDonald's are cooperating with the appropriate authorities as we work to protect our valued customers. We are also working with Arc and their database management firm to understand how the security was bypassed. We take the security of our customer information very seriously, and we will continue to cooperate with the investigation and with the appropriate authorities."





User Comments: 15

Got something to say? Post a comment
mario mario, Ex-TS Developer, said:

Didn't know McDonalds was also owned by Nick Denton , they got gawked.

Emin3nce said:

OH MAH GOD THEY STOLE MY FREE BIG MAC OFFER!!!

dividebyzero dividebyzero, trainee n00b, said:

I'm lovin' it

Why would McDonalds need customers email addresses?

Do they send out email alerts?

Dear __Valued Customer,

Today is your lucky day! You and ___1.2 billion__other lucky recipients are cordially invited to McDonalds to __witness the bimonthly changing of the deep fry oil__on the__11th January 2011__.

We will be running a __24 hour__ offer to mark this special occasion, which consists of __a 65% chance that the cashier speaks your language__and__a mostly disease free burger assembly staff who aren't hopped up on illegal substances__

Looking forward to __watching you visibly age whilst waiting for your order_and once again providing you with that special McDonalds experience.

Best wishes and seasonal greetings,

Day Shift Manager, Franchise #275698854

Guest said:

What kind of ***** would give McD's ANY kind of personal information?

Leeky Leeky said:

What kind of ***** would give McD's ANY kind of personal information?

Clearly the same sort of ***** that thinks its OK to hand it all to Facebook!

Guest said:

It was the Hamburglar, an inside job.

Benny26 Benny26, TechSpot Paladin, said:

Guest said:

What kind of ***** would give McD's ANY kind of personal information?

A fat *****?

Cryptopsy said:

Leeky said:

What kind of ***** would give McD's ANY kind of personal information?

Clearly the same sort of ***** that thinks its OK to hand it all to Facebook!

Thumbs up!

j05hh j05hh said:

an apology letter from McDonald " We are sorry to all our customers, we are working around the clock to correct this security exploit. We are giving all of out registered customers a free BIG MAC meal (with super size of course) and a free shake. These meals can be redeemed at your local McDonalds nationwide. Please be patient with us as we correct this issue"

lampers1 said:

This is getting intense. Gawker Media, McDs, and DeviantART. I wonder what's next?

Guest said:

Let's see. What shall I do today? I know, I'll give my personal information to Ronald McDonald. I'm sure it will be safe with him. Oh, bye the way. Could I have my identity theft SuperSized?

Guest said:

YES! Thank you sooo much for that. Quite frankly I think that just made my day.

aj_the_kidd said:

If you see my some geeky looking kid coming everyday with free coupons, it was probably him, notify your local authorities immediately, he is a threat to national security, matter of fact grab a gat turn it sideways and get gangsta on his ass :P

Romasito said:

There should be always a certain number of honeypot accounts/data in every system, so would be easier to get some leads when being contacted with data from the accounts.

Guest said:

I agree, I think it was the Hamburgler, in the Play Pen, with the Verizon netbook.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.