McDonalds Got McHacked!

204

McDonalds is another website that has been a recent victim of having their database that stores customers information that registers on their website hacked. Over the weekend, Gawker Media was hacked also. No credit card information or social security numbers were in this database, but names, addresses, phone numbers, and date of births were stored in it.

Below is an official post on McDonalds website answering frequently asked questions

1. How was a third party able to improperly access McDonald’s customer data?Unfortunately, a third party was able to defeat the security measures put in place by the email database management firm to protect the information you provided to us. Law enforcement authorities have been notified and are investigating the matter.

2. What information was contained in McDonald’s customer database that was improperly accessed?The information contained in the database is limited to your email address and potentially also your name, postal address, home or cell phone number, birth date, gender, and certain information about your promotional preferences or web information interests. This is information you provided when you signed up or subscribed. The database did not contain Social Security Numbers, credit card numbers or any sensitive financial information, since McDonald’s did not collect this information.

3. Did the database include my Social Security Number?No. The database did not contain Social Security Numbers, credit card numbers or any sensitive financial information, since McDonald’s did not collect this information. If you are contacted by any person claiming to be from McDonald’s asking for your sensitive financial information in connection with a promotion or otherwise, do not provide it. Instead, please call 800-244-6227 and let us know so we can contact the authorities.

4. I have used my credit card before at McDonald’s to pay for a purchase. Does that mean that McDonald’s has my credit card information in its database? Absolutely not. This incident has nothing to do with credit card use at the restaurants. The database that was accessed by the unauthorized third party did not contain any credit card information or any other financial information. Further, the information in the database was not gathered from our restaurant registers, but from voluntary subscriptions to our websites or promotions.

5. How did McDonald’s get my information in a database?You chose to submit information or subscribe to McDonald’s during an online promotion or through one of McDonald’s websites at McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, or meencanta.com.

6. Does this mean that I am the victim of identity theft? No. The information in the database, without more, should not allow someone to commit identity theft.

7. Is an investigation being conducted? Yes. McDonald’s takes this matter very seriously. Law enforcement authorities have been contacted and are investigating the matter.

8. I applied for a job online, does that mean my information has been improperly accessed? OR I submitted an e-mail complaint through an online form on mcdonalds.com, does that mean that my information has been improperly accessed?No. This issue is specifically related to the database when you elected to submit information or subscribe to McDonald’s during an online promotion or through one of McDonald’s websites such as those at McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, or meencanta.com

9. How do I know if my information was affected by this incident? McDonald’s attempted to send an e-mail to each active subscriber that was contained in the database. McDonald’s used the email address it had to try to reach you. McDonald’s customer database only contains the limited information you provided at the time you signed up.

10. I don’t want to be part of this database anymore. How do I remove myself and information? You may visit McDonalds.com at any time to “unsubscribe.” The area or link to unsubscribe is located at the bottom of the home page at McDonalds.com.

11. What is McDonald’s doing to help me?McDonald’s is cooperating with law enforcement authorities. McDonald’s takes the protection of its customers very seriously. Upon learning of this incident, we acted quickly to notify you, so that you would be prepared in case someone pretended to be from McDonald’s to solicit financial information.

12. What should I do if I get an email from McDonald’s that appears suspicious or asks me for personal information? If you are contacted by email or otherwise by someone claiming to be from McDonald’s asking for your sensitive financial information, do not provide it. McDonald’s does not ask for that type of information on-line or by email. Instead, please call us at 800-244-6227 and let us know so we can contact the authorities.

13. What should I do now that someone else has my information?The information in the database alone, would not allow someone to engage in identity theft. The information involved did not include social security numbers, credit card numbers or any other sensitive financial information. If you are contacted by any person claiming to be from McDonald’s asking for your sensitive financial information in connection with a promotion, do not provide it. Instead, please call 800-244-6227 and let us know so we can contact the authorities.

Tim Martin is a Technology specialist, who gives us insights into the technology and software that helps us to get through our day. Technology is everywhere, an increasingly pervasive part of our lives. Tim helps us make sense of it in many ways.