The restaurant chain is warning customers to be cautious of anyone claiming to be from McDonald's contacting them by phone or e-mail, and asking for personal or financial information, according to The Orange County Register. McDonald's has also set up a FAQ page for affected customers with 13 questions and their corresponding answers. Here are the first two:
1. How was a third party able to improperly access McDonald’s customer data?
Unfortunately, a third party was able to defeat the security measures put in place by the email database management firm to protect the information you provided to us. Law enforcement authorities have been notified and are investigating the matter.
2. What information was contained in McDonald’s customer database that was improperly accessed?
The information contained in the database is limited to your email address and potentially also your name, postal address, home or cell phone number, birth date, gender, and certain information about your promotional preferences or web information interests. This is information you provided when you signed up or subscribed. The database did not contain Social Security Numbers, credit card numbers or any sensitive financial information, since McDonald’s did not collect this information.
McDonald's did not disclose how many people were impacted by the hack. The company is working with Arc Worldwide, who manages the data collection for McDonald's, to find out how their security system was bypassed and how such attacks can be prevented in the future.
"It is important to note that the information in the database did not include Social Security Numbers, credit card numbers, or any sensitive financial information," a McDonald's spokesperson said in a statement. "The incident has resulted in an investigation by law enforcement authorities. Arc and McDonald's are cooperating with the appropriate authorities as we work to protect our valued customers. We are also working with Arc and their database management firm to understand how the security was bypassed. We take the security of our customer information very seriously, and we will continue to cooperate with the investigation and with the appropriate authorities."