Following the previous week of DDoS attacks and the database leak of Gawker, McDonalds has fallen victim to a similar fate. McDonalds is now warning customers that signed up for any promotions or registered at any McDonalds online site that their email addresses and other personal data has been obtained by an unauthorized third party.
The fast-food restaurant placed up a FAQ page on their website regarding exactly what was breached in the attack. Included with the unauthorized access to customer emails, the third-party also got names, postal addresses, home or cell phone numbers, birth date, gender, and information about promotional preferences or web-based interests. Social Security Numbers and credit card numbers however were not included in the security breach as McDonalds does not store that information.
The data collected was from users who registered on one or more of the following McDonalds websites: McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, or meencanta.com. These are the websites dealing with promotions offered by the company.
McDonalds has stated that if you are affected, they will attempt to send you an email stating that your information was compromised. This data was strictly information used on promotional sites and does not include enough to commit identity theft.
McDonalds has aslo been working with law enforcement authorities to investigate the matter. They warn multiple times to not give any personal information to anyone who may be posing as a McDonalds official as the company will never ask for that information from you, and that instead you should report the phishing attempt to 800-244-6227.
While there is no solid evidence that the same group has been behind all of these attacks, the point has been made that our data is not as secure as we once thought it to be and new security measures for protecting databases should be instated. McDonalds takes this matter very seriously and is doing what they can to find those responsible.