McDonald’s Corp. says some of its customers’ private information may have been accessed during a data breach.
The company has told customers that a third party was able to get past security measures to access a database of customer information that included e-mail and other contact information, birthdates and other specifics.
The compromised database did not include any financial information or Social Security numbers.
Customers provided this information when they signed up for online promotions or other subscriptions to its websites. McDonald’s did not detail the timing or scope of the breach but says it is working with law enforcement.
Paul Vlissidis, technical director at NGS Secure, the security testing division of NCC Group plc, comments on the recent McDonald’s data breach: “This is a good example of how you cannot transfer risk where network security is concerned. Nowadays, third party suppliers often have access to company networks – sometimes to quite a high level.
“It’s an old adage that security is only as good as the weakest link, and in cases like this the supply chain may be that weak spot. We advise all our customers to ensure that all their third party suppliers undergo rigorous and regular security testing before they are allowed to access the customer’s network or even handle their customer data.”