In mid-2021, McDonalds became the victim of a data breach. The hack involved both internal and external business information in three separate countries. The attackers might have been after something specific, but they ended up with an odd array of data that wasn’t fully secured.
As weird as this was, it also makes some sense. Hackers go after people with big pockets because the ransom is so much better if they grab something juicy.
This is a story of fast fraud – The 2021 McDonalds data breach.
The Data Breach Itself
In late May 2021, hackers gained a foothold in some of McDonalds’ servers. They were experimenting with what systems they could gain access to when their intrusion was discovered.
They didn’t have a lot of time. Usually exploring and gaining a foothold in a large network takes days or weeks to solidify. And gaining access to the information is only half the mission: It all still needs to be properly exfiltrated afterward.
This really had to be fast fraud. The McDonalds hack was only really getting started when they needed to pull the plug. There was still a lot left on the table. But exfiltration of what data they did manage to grab came first. Greed never pays off in cases like that; when faced with small gains or an ‘all or nothing’ strategy, a hacker should always take the gains.
McDonalds and its cybersecurity team took over. By early June, they had completed their data breach analysis. Three countries had been confirmed as being part of the breach: South Korea, Taiwan, and the U.S.A.
The Asia-Pac systems were the worst off. Customer and employee data had been leaked, including phone numbers, E-mails, and even the addresses of delivery customers. A package had been exfiltrated that also included employee information such as their names and contact data. But as far as they could tell, no trade secrets, accounting information, or internal planning had been accessed.
The United States part of the firm leaked some business contacts, technical information about vendors used in various franchises, and floor plans. As far as these things go: It could have been a lot worse.
Why Was The McDonalds Data Breach So Quickly Shut Down?
According to CNN Business, it was about preparation and proper security investment.
A representative explained how they caught the hack so quickly with proper investment in early warning systems, cybersecurity tools, and a good relationship with security consultants:
“These tools allowed us to quickly identify and contain recent unauthorized activity on our network. A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”
They then explained that the next steps would be talking to those who might have been exposed in the breach. These folks would be contacted and told what they might experience if the hackers leaked or sold their information.
Whenever there is a leak of employee information, there can be an increase in phishing and scam attempts against franchises, individual employees, and vendors. Targeted social engineering (or spear-phishing) is much easier when you have a lot of data on the victim and their work environment.
Early Detection is Key
The way that McDonalds handled the hack is the same way industry professionals counteract a data breach: Early detection and swift action.
There are several tools that can be used to help cyber professionals with this:
Firewall rules and network monitoring software are the first things to fine-tune. Defense in depth is the name of the game. Double-cover every ingress and egress point, as well as major information hubs such as databases and E-mail. Look for signs of a breach at every layer of the network and cover every piece of hardware that routes, scans, or stores data.
One of the hardest tasks is seeing the actual attack through all of the ‘noise’ generated by normal, day-to-day activities. Machine learning (ML) and artificial intelligence (AI) can help a company to create a workable whitelist and to reduce the number of false alarms they get every day. Keeping software and firmware up to date is critical as well.
Finally, rely on real experts to help lighten the load. It doesn’t matter how qualified your cybersecurity team is; an active attack and the immediate aftermath can use extra hands and eyes.
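The allowlist idea described above, as an added example that is not part of the original article: a baseline of normal egress is learned from constructed flow records, and new traffic is then compared against it instead of against a size-only rule. A simple per-pair peak stands in for an ML model here; all host names, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed flow records: (source host, destination, outbound bytes).
BASELINE = [
    ("db01", "backup.corp.example", 900_000_000),
    ("db01", "backup.corp.example", 950_000_000),
    ("mail01", "smtp-relay.corp.example", 40_000_000),
    ("mail01", "smtp-relay.corp.example", 55_000_000),
    ("pos-gw", "payments.vendor.example", 5_000_000),
]
TODAY = [
    ("db01", "backup.corp.example", 920_000_000),       # routine nightly backup
    ("mail01", "smtp-relay.corp.example", 48_000_000),  # routine mail relay
    ("db01", "files.unknown.example", 300_000_000),     # new destination, large
    ("pos-gw", "payments.vendor.example", 60_000_000),  # known dest, 12x volume
    ("mail01", "cdn.unknown.example", 20_000),          # new destination, tiny
]

def learn_baseline(flows):
    """Return {(src, dst): largest outbound byte count seen in normal traffic}."""
    peak = defaultdict(int)
    for src, dst, sent in flows:
        peak[(src, dst)] = max(peak[(src, dst)], sent)
    return dict(peak)

def naive_alerts(flows, size_limit=100_000_000):
    """Size-only rule: flags every large transfer, routine or not."""
    return [f for f in flows if f[2] >= size_limit]

def baseline_alerts(flows, peak, new_dst_floor=1_000_000, growth=5):
    """Flag egress that deviates from the learned allowlist.

    - pair never seen before and at least new_dst_floor bytes -> 'new-destination'
    - known pair sending more than growth x its baseline peak -> 'volume-spike'
    """
    alerts = []
    for src, dst, sent in flows:
        known = peak.get((src, dst))
        if known is None:
            if sent >= new_dst_floor:
                alerts.append((src, dst, "new-destination"))
        elif sent > growth * known:
            alerts.append((src, dst, "volume-spike"))
    return alerts

if __name__ == "__main__":
    peak = learn_baseline(BASELINE)
    print("naive:", naive_alerts(TODAY))
    print("baseline-aware:", baseline_alerts(TODAY, peak))
```

On this sample the size-only rule raises a false alarm on the routine backup and misses the volume spike on the payment gateway, while the baseline-aware rule reports only the two deviations.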
The Aftermath
As far as McDonalds was concerned, it wasn’t so bad.
Yes, there will always be some reputational fallout from any hacking incident. But even the most venomous media firms had to admit that McDonalds did fairly well this time around. They acted quickly and decisively. They took the appropriate steps to protect their employees and vendors after the attack. And they put the right spin on things.
In the long term, McDonalds came out of this data breach smelling like daisies. For many security news sites, it was a refreshing story, simply because it’s so rare to see the level of competence and corporate responsibility that McDonalds displayed.
It’s a lesson that financial institutions, social media companies, and other recent hacking victims need to learn: There are always consequences of being hacked, but stepping up and taking responsibility is the answer. Not cowering in a corner and hoping that nobody notices.
Protect Yourself
Although the vast majority of customer data was protected, the same cannot be said for employee data.
Without some kind of privacy app installed, the information that the hackers gained in the leak will serve as a way to correlate the online identities of many McDonalds’ employees with their real-life identities.
Hoody is the privacy solution for anyone who had their information leaked in a data breach. To see if your information has ever been leaked, check out HaveIBeenPwned.
Hoody is a privacy app that completely anonymizes browser activity and, unlike VPNs, stops the biggest threat to online privacy this decade: browser fingerprinting. It’s essential for anyone who doesn’t want their online activity correlated to their real-life identity.