It is understood the thieves managed to hack into the file, held by a database management firm hired by McDonald’s DM agency Arc Worldwide, although it has refused to reveal the number of records involved or the timing of the breach.
The customer database was built from information supplied after recipients signed up for online promotions or newsletter subscriptions for the fast food chain. Financial information was not included. McDonald’s says it is working with business partners and the police to rectify the situation.
Paul Vlissidis, technical director at NGS Secure (the security testing division of NCC Group), said the breach showed that third-party suppliers can be the weak leak in information security.
“Third party suppliers often have access to company networks – sometimes to quite a high level,” Vlissidis said. “It’s an old adage that security is only as good as the weakest link, and in cases like this the supply chain may be that weak spot.
“We advise all our customers to ensure that all their third party suppliers undergo rigorous and regular security testing before they are allowed to access the customer’s network or even handle their customer data.”
To leave a comment please register – it takes less than a minute and is free of charge. You will also get our weekly email update The DM Report (to opt out contact firstname.lastname@example.org). If you are an existing user, please log in. If you have forgotten your log-in details please email email@example.com to get them reset!