While the BTS meal continues to be a global phenomenon around the world, things are not looking that great at McDonald's. According to reports, McDonald’s was affected by a data breach which led to the exposure of customers’ and employees’ private information in South Korea and Taiwan.
In a statement, the fast-food giant restaurant said an investigation is ongoing as a small number of files were accessed. Some of these files contained personal data. McDonald’s has since contacted the affected customers and regulators in the two countries. Interestingly, payment information was not accessed.
The Wall Street Journal, which broke the news also reported that operations were affected in the United States. Data that was reportedly accessed included restaurant information, such as square footage, but not "sensitive or personal" customer or employee data.
McDonald’s discovered the incident after it hired external consultants to investigate unauthorised activity on an internal security system. They were able to cut off the unauthorised access a week after it was identified for the three markets, and it credits the increased investment it made in cybersecurity in recent years for being able to launch a quick response. The investigators also flagged South Africa and Russia, and McDonald's said it will notify those divisions of possible unauthorised access to their information.
"Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures," McDonald’s said in the statement.
CSA reached to Jonathan Knudsen, Senior Security Strategist at Synopsys Software Integrity Group, to get his views on the breach. He explained that the recent cyber breach at McDonald’s is another example showing that every organisation is a software organisation. Be it fast food, oil pipeline, or global shipping, every organisation in every industry depends on software for critical business functions.
Jonathan was referring to several other well-known companies that have been recently targeted. These include Colonial Pipeline and JBS USA. Video game maker EA also experienced a breach last week when hackers broke into its systems and took source code used in its games.
“Consequently, every organisation in every industry must embrace a proactive approach to cybersecurity. Without a security mindset in all parts of the organisation, the risk of disaster is high. Organisations must recognise, at the highest levels of management, that the software they use every day is a part of their infrastructure, just like office buildings or stores or factories. As such, organisations need to select, deploy, and operate software with an eye toward security at every step,” said Jonathan.
Jonathan added as software becomes more entrenched in the fabric of society, and as criminals get better at exploiting weak security processes, good security hygiene will become a competitive differentiator. Eventually, organisations will see software security not as a cost centre or hurdle, but as an enabler to a faster, more efficient, less risky future.