Inside The McDonald's Data Breach
Last year, a fast-food giant became the unlikely target of a group of hackers. Then again, if something like a ransom was their ultimate goal, maybe it isn't so odd… McDonald's has plenty of money to go around, after all.
The 2021 McDonald's data breach affected three countries and involved both internal and external business assets.
Getting hacked is always bad, but things could have been far, far worse if the company hadn't taken a few precautions ahead of time and invested in some strong preventative measures.
This article looks at the 2021 McDonald's data breach in depth: what went wrong, what went right, and who was most affected by the attack.
The Data Breach
In late May 2021, cybercriminals gained a foothold in the McDonald's server farm. They were still mapping out which systems they could reach (and thereby expanding their grip on the infrastructure) when the intrusion was discovered.
Why did the attackers get caught in the middle of the act? Ignore what most movies would have you think; intrusions like these can take days or weeks to carry out fully. It takes a lot of time to scan everything on a network, probe for additional vulnerabilities in a way that won't attract attention, and work out the next attack vector.
And remember: getting access to the information is only half the battle. After everything has been discovered and collected, there needs to be an egress method. Without some way to get the data out that won't raise alarm bells or trigger firewall rules, it's stuck in limbo.
The McDonald's hack was only really getting started when it was shut down. There were still so many systems to explore. But the early discovery of the intrusion forced the hackers to exfiltrate quickly. They got out with whatever data they could and called it a day.
In early June 2021, the company completed its data breach analysis (with the help of a third-party security firm). They were ready to go to the press and simultaneously warn their staff about what they might expect in the days to come.
Three countries were part of the breach: the U.S.A., South Korea, and Taiwan.
The Asia-Pacific servers were hit the hardest. Both customer and employee data had been leaked. In South Korea, phone numbers, email addresses, the addresses of delivery customers, and vendor data were leaked. Taiwan lost a lot of internal information, including employee data such as names and contact details.
The United States franchises got off easy by comparison. The data leaked there was mostly business contacts, site floor plans, and some technical information about vendors used in various franchises.
How Did The McDonalds Data Breach Get Interrupted?
Speaking to CNN Business, a corporate representative explained how they caught the hack so quickly: An investment in early warning systems, a good relationship with security consultants, and modern cybersecurity tools combined to make the difference:
“These tools allowed us to quickly identify and contain recent unauthorized activity on our network. A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”
They explained that the next steps included contacting everyone who might have been exposed in the breach and telling them what to expect if the hackers leaked their information or came after them.
They warned that there might be an increase in phishing attempts and online scams against both employees and vendors. Anyone who knows vendor specifics, floor plans, and other insider information has an edge when doing social engineering.
McDonald's message to the media, which seemed to be well received, was simple: it could have been worse.
Early Detection Methods
Early detection of an intrusion is critical if a company wants to get through a hack with its skin intact. There are many tools that can help with this.
Firewall rules and network monitoring software can get quite specific about what they detect, so no single tool sees everything; defense in depth is key. Every layer of the OSI network model needs to be covered.
Alert filtering is also important. Sometimes it's hard to see an actual attack in progress through the 'noise' generated by day-to-day activity. Machine learning is one method that can help a company build an alert system and reduce the number of false alarms. Keeping software and firmware updated helps to protect against even the newest and most novel attacks.
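The two behaviours the article describes, an intruder scanning many internal systems before finding an egress route, and a defender needing alerts that are not drowned in day-to-day noise, can be shown together in a small detector. The following is an added example, not code from the article or from McDonald's or its security firm; the log format, host addresses, thresholds and suppression window are all constructed for illustration. It flags a source that contacts many distinct internal hosts in a short window (reconnaissance) and a single large transfer to an external address (possible exfiltration), then collapses repeated alerts of the same kind from the same source so an analyst sees one line per incident instead of one per probe.

```python
"""Added example: simple network-log detection with alert de-duplication.

Not part of the original article. Log format, thresholds and addresses
are constructed for illustration; real sensors (firewall, NetFlow, EDR)
emit richer records, but the logic is the same.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines: "<ISO time> <src> <dst> <dport> <bytes_out>"
# One host sweeps eight internal peers, then pushes 850 MB to an external address.
SAMPLE_LOG = """\
2021-05-28T02:00:01 10.20.5.17 10.20.5.20 445 1200
2021-05-28T02:00:02 10.20.5.17 10.20.5.21 445 1200
2021-05-28T02:00:03 10.20.5.17 10.20.5.22 445 1200
2021-05-28T02:00:04 10.20.5.17 10.20.5.23 3389 900
2021-05-28T02:00:05 10.20.5.17 10.20.5.24 3389 900
2021-05-28T02:00:06 10.20.5.17 10.20.5.25 22 800
2021-05-28T02:00:07 10.20.5.17 10.20.5.26 22 800
2021-05-28T02:00:08 10.20.5.17 10.20.5.27 22 800
2021-05-28T02:05:00 10.20.5.17 203.0.113.9 443 850000000
2021-05-28T09:00:00 10.20.7.3 10.20.7.10 443 5000
2021-05-28T09:00:05 10.20.7.3 198.51.100.4 443 20000
"""

# RFC 1918 ranges stand in for "inside the network"; adjust to the real estate.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
RECON_HOSTS = 5                          # distinct internal peers inside RECON_WINDOW -> alert
RECON_WINDOW = timedelta(minutes=5)
EXFIL_BYTES = 100_000_000                # one outbound transfer above 100 MB -> alert
SUPPRESS_WINDOW = timedelta(minutes=30)  # repeats of the same kind/source are collapsed


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL)


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, src, dst, dport, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                       "dport": int(dport), "bytes": int(nbytes)})
    return events


def raw_alerts(events):
    """Yield (kind, src, ts, detail) for every matching event, with no noise reduction."""
    peers = defaultdict(list)  # src -> [(ts, internal dst)] seen inside RECON_WINDOW
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, dst, ts = ev["src"], ev["dst"], ev["ts"]
        if is_internal(dst):
            # Slide the window, then count distinct internal peers touched by this source.
            peers[src] = [(t, d) for t, d in peers[src] if ts - t <= RECON_WINDOW]
            peers[src].append((ts, dst))
            distinct = {d for _, d in peers[src]}
            if len(distinct) >= RECON_HOSTS:
                yield ("internal_recon", src, ts, f"{len(distinct)} internal hosts in {RECON_WINDOW}")
        elif ev["bytes"] >= EXFIL_BYTES:
            yield ("possible_exfil", src, ts, f"{ev['bytes']} bytes to {dst}:{ev['dport']}")


def suppress(alerts):
    """Keep the first alert per (kind, src); drop repeats inside SUPPRESS_WINDOW."""
    last = {}
    kept = []
    for kind, src, ts, detail in alerts:
        key = (kind, src)
        if key in last and ts - last[key] <= SUPPRESS_WINDOW:
            continue
        last[key] = ts
        kept.append((kind, src, ts, detail))
    return kept


def detect(text):
    return suppress(raw_alerts(parse_log(text)))


if __name__ == "__main__":
    for kind, src, ts, detail in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:15} {src:12} {detail}")
```

On the constructed log the raw detector fires five times (four sliding-window hits during the sweep plus the large transfer); after suppression an analyst sees two lines, one reconnaissance alert and one exfiltration alert, both naming 10.20.5.17. The busy but ordinary host 10.20.7.3 never appears, which is the point of tuning thresholds to the environment's baseline rather than alerting on every internal connection.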
The Aftermath
Though there is always reputational fallout from a hacking incident, and having your name associated with any data breach is bad for business, there are ways to turn the message around.
That’s exactly what the fast-food chain did. Even the most cynical of media firms had to admit that McDonalds acted quickly and decisively. They took the appropriate steps to protect their employees and vendors afterward too. Those are acts of self-interest, but they’re ones to publicize if they’re done right.
In the long term, McDonald's handled this data breach very well. It is rare in modern times to see the level of competence and corporate responsibility that they displayed. There's a reason security industry professionals recommend industry best practices, and this was one case where McDonald's executed them to perfection.
How To Protect Yourself
Although the vast majority of customer data was protected, the same cannot be said for employee data.
Without some kind of privacy app installed, the information that the hackers gained in the leak can serve as a way to correlate the online identities of many McDonald's employees with their real-life identities.
Hoody is the best bet for anyone who had their information leaked in a data breach. To see if your information has ever been leaked, check out HaveIBeenPwned.
Hoody is a privacy app that completely anonymizes browser activity and stops the biggest threat to online privacy this decade, browser fingerprinting, which VPNs do not address. It's essential for anyone who doesn't want their online activity correlated with their real-life identity.