Data breach at McDonald’s – what on Earth did they want, a Big Mac?

data breach
Image by Kuzina Natali | Bigstockphoto

The recent data breach at McDonald’s in South Korea and Taiwan just sounds weird. Attacks on banks, insurance companies, and telcos are easier to comprehend, but McDonald’s makes you scratch your head in confusion.

McDonald’s customers are, almost by definition, anonymous. You do not need to give your name, so the only thing that the data breach might yield on the useful/saleable information side is a credit card number. And a credit card number by itself, probably a contactless transaction anyway, gives up no name or security code.

The report says that no customer information was harvested during the data breach. Only a ‘small number of files were accessed, some of which contained personal data.’

The data breach was discovered by external consultants and resulted from unauthorised activity on the network, and the whole thing seems curiously unimportant.

One possibility, of course, is that an ex-employee was behind the attack – no ransom was demanded – and what he or she was after was a way of getting back at the person who sacked him. Perhaps. Or perhaps someone was attacking McDonald’s because it was there. A joke, or a dare or bet.

In a world where a data breach is commonplace, you would think that you would attack a company with data worth breaching.

The sad fact is that data breaches are now so common, causing a lot of people a lot of stress. The recent survey by Trend Micro, polling over 2,000 security professionals, uncovered the shocking fact that 70% of those professionals were suffering so much stress from the threat of a data breach or other security issue that their home lives were being negatively impacted.

At a time when there seem to be fewer and fewer professionals defending networks against a rising threat of a data breach, many walk away, and others hope that someone else will step in, and some simply turn off their alerts. And they are not, it seems, supported by senior management, who would rather think up ways of increasing revenue than spend money shoring up security.

Whatever and whoever was behind the strange data breach at McDonald’s, we may never know. It certainly does increase the feeling of helplessness and stress amongst those who probably thought they were not even a target. And as a result, it increases stress amongst those who do.

Related article:

Did we just give up on cybersecurity? Is it because the problem is too big?

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.