The world’s largest quick-service restaurant (QSR) chain just had its cyber defenses breached. McDonald’s revealed Friday (June 11) that its databases have been hacked in the United States, South Korea and Taiwan, reports The Wall Street Journal. The breach was discovered when external consultants looked into the source of unauthorized activity on the McDonald’s network.
“While we were able to close off access quickly after identification,” the company said in a statement, “our investigation has determined that a small number of files were accessed, some of which contained personal data.”
In the United States, data accessed by the cyberattackers included employee and franchisee contact information as well as some architectural information about restaurants — no customer data, and nothing “sensitive or personal.” In South Korea and Taiwan, hackers broke into a “small” number of files, which included employee names and contact information. McDonald’s specified that the hackers did not gain access to the company’s customer payment data and said its South Korea and Taiwan teams would inform customers and employees about the breach.
The hack comes as cyberattackers ramp up their efforts against QSRs. A study highlighted in PYMNTS most recent Mobile Order-Ahead tracker, created in partnership with fraud protection software as a service (SaaS) platform Kount, finds that 99 percent of cyberattacks could be stopped by multifactor authentication (MFA) protocols.
However, as Michael Chachula, director of digital at coffeehouse chain The Coffee Bean & Tea Leaf, told PYMNTS in an interview, “As payment [technologies] move forward, various people are doing nefarious things, and regardless of if you have 10-factor authentication, at some point they’re going to find some sort of machine learning method to circumvent it.”
The news comes shortly after the world’s largest meat processor, JBS USA, was hit by a cyberattack that disrupted systems in North America and Australia. In fact, it was reported that the company paid $11 million in ransom to the hackers to resolve the attack. Additionally, Kount’s 5 Trends in 5 Minutes podcast highlights news five university students in China were imprisoned last month for exploiting a glitch in KFC’s mobile ordering app to scam the restaurant for over $30,000 in chicken.
Of course, while attacks on major companies may be bigger news, these are the sort of breaches to which small and medium-sized businesses (SMBs) are vulnerable all the time.
“Attackers have such an overwhelming advantage right now,” Chris Finan, chief operating officer (COO) of cybersecurity firm ActZero and former director of Cybersecurity Legislation and Policy at the National Security Council (NSC) for the Obama administration, told PYMNTS in an interview. “It’s almost unfair to expect a small business to defend itself.”
Business owners are taking note. Data from PYMNTS’ June 2021 report, The Next Wave: Business Adoption Of Digital Identity Protection, an Equifax collaboration, finds that 79 percent of businesses report being willing to sacrifice customer growth to improve the security of their transactions.
Finan said it is “very easy to have empathy” for those who have fallen victim to such attacks, noting, “Almost everybody is grappling with this right now.”