McDonald's is working with law enforcement authorities after malicious
hackers broke into another company's databases and stole information
about an undetermined number of the fast food chain's customers.
"We have been informed by one of our long-time business partners, Arc
Worldwide, that limited customer information collected in connection
with certain McDonald's websites and promotions was obtained by an
unauthorized third party," a McDonald's spokeswoman said via e-mail on
Saturday.
McDonald's hired Arc to develop and coordinate the distribution of
promotional e-mail messages, and Arc in turn relied on an unidentified
e-mail company to manage the customer information database. This
e-mail company's systems were hacked into.
The data, which customers had provided voluntarily, doesn't include
Social Security Numbers, credit card numbers, nor any sensitive
financial information, she said.
"Rather, the limited information includes what was required to confirm
the customer's age, methods to contact the customer, and other general
preference information," the spokeswoman added.
This means that customer data likely includes full names, phone
numbers, postal addresses and e-mail addresses. The spokeswoman didn't
say what information was required for age confirmation, so it's not
clear if customers simply checked a box saying they were adults or if
they had to provide their date of birth.
"In the event that you are contacted by someone claiming to be from
McDonald's asking for personal or financial information, do not
respond and instead immediately contact us," reads the McDonald's note
to customers. The number to call is 1-800-244-6227.
In addition to working with law enforcement agencies, McDonald's is
probing the security breakdown at the company hired by Arc, which is
the marketing services division of ad agency Leo Burnett. Arc's
specialities include digital communications, direct marketing,
promotions and shopper marketing, according to its website.
The spokeswoman didn't say how many people are potentially affected
and in what countries, besides the U.S. She also didn't say when the
breach happened.
No comments:
Post a Comment