McDonald’s Hacked: Customer Data Accessed by Unauthorized Third Party
McDonald’s recently made public that via one of its partners, customer data was improperly accessed by a third party. The company stresses that Arc Worldwide, a long-time business partner used to develop and coordinate the distribution of promotional e-mails for McDonald’s, was only the victim of a limited amount of information breaching. The breach occurred via an e-mail service provider that Arc hired to supervise and manage the e-mail database. The limited customer information that was accessed includes items such as: name, address, phone number, birth date and gender. The database that was accessed did not contain social security numbers, credit card information or any other financial information.
McDonald’s has put up a lengthier briefing regarding the potential unauthorized customer data breach on their website. We’ve also included the release below for your convenience:
Dear Valued McDonald’s Customer,
Recently McDonald’s was informed by one of its partners that limited customer information collected in connection with our promotions or websites was improperly accessed by a third party. Limited customer information such as name, address, phone number, birth date and gender was included in the information that was accessed. It is important to note that this incident has nothing to do with credit card use at the restaurants. The database did not contain any credit card information or any other financial information.
By way of background, McDonald’s asked Arc Worldwide, a long-time business partner, to develop and coordinate the distribution of promotional emails. Arc hired an email service provider, a standard business practice, to supervise and manage the email database. That email service provider has advised that its computer systems recently were accessed by an unauthorized third party, and that information, including information that customers provided to McDonald’s, was accessed by that unauthorized third party. Law enforcement officials have been notified and are investigating this incident.
McDonald’s does not collect sensitive financial information, such as Social Security Numbers or credit card numbers on-line or through email. As such, the information improperly accessed did not include this type of information. Rather, the limited information provided to McDonald’s included information required to confirm age, a method to contact our customers (such as name, mobile phone number, and postal address and/or e-mail address), and other general preference information.
In the event that you are contacted by someone claiming to be from McDonald’s asking for personal or financial information, do not respond and instead immediately contact us at the number below so we can contact the authorities. Please remember, McDonald’s would not ask for that type of information online or through email.
We apologize for any concern this incident may cause. Protecting our valued customers is very important to us. If you have any questions or concerns, please contact us immediately at our toll-free number 1-800-244-6227.Sincerely,
McDonald’s Customer Satisfaction Team