McDonald’s has been rocked by a major data breach after customer data – including email, contact information and birthdates – was stolen by hackers.
It is understood the thieves managed to hack into the file, held by a database management firm hired by McDonald’s DM agency Arc Worldwide, although it has refused to reveal the number of records involved or the timing of the breach.
The customer database was built from information supplied after recipients signed up for online promotions or newsletter subscriptions for the fast food chain. Financial information was not included. McDonald’s says it is working with business partners and the police to rectify the situation.
Paul Vlissidis, technical director at NGS Secure (the security testing division of NCC Group), said the breach showed that third-party suppliers can be the weak leak in information security.
“Third party suppliers often have access to company networks – sometimes to quite a high level,” Vlissidis said. “It’s an old adage that security is only as good as the weakest link, and in cases like this the supply chain may be that weak spot.
“We advise all our customers to ensure that all their third party suppliers undergo rigorous and regular security testing before they are allowed to access the customer’s network or even handle their customer data.”