Data relating to customers of the McDonald’s fast food franchise has been leaked, after a failure of the security at the company which provides the email service to the firm.
The data in question was gathered by McDonald’s from its website and was subsequently accessed illicitly by a third party, according to a statement from the company.
The data included the names, addresses, contact numbers, genders and D.O.Bs of many customers, although the exact number has not been made public at the time of writing.
The firm went on to explain that those affected would not be at risk of payment card fraud because no such information was accessed in this security breach.
McDonald’s had used Arc Worldwide to oversee a promotional email campaign for the chain and Arc had consequently handed out some of the work to yet another external firm, which has remained anonymous. It was this third firm which suffered the data breach.
McDonald’s confirmed that although it collected data on customers for promotional purposes, it did not store payment card details or other highly sensitive information which could easily be exploited.
In the aftermath of the data leak, the restaurant franchise has warned that some customers may now be contacted by scammers claiming to represent McDonald’s and, as such, has urged vigilance and care when dealing with unsolicited emails.
McDonald’s confirmed that the police and regulators are involved but would not give further details on the extent of the data loss or indeed the time frame in which it occurred.
Security expert Mark Darvill told SC Magazine, that using third party firms to provide IT services and backup data is useful, but warned that businesses like McDonald’s would need to ensure that the policies and safeguards used by external providers were in keeping with security strategies within the client’s operation.
Mr Darvill also spoke about the fact that stored data which is not regularly accessed, needs to be just as well protected as that which is in regular use.
