News

McDonald’s customers’ data compromised

December 12, 2010

McDonald’s is scrambling to clean up a potential customer data security breach by an unauthorized third party. The quick-service giant issued an alert on its website about the attack, and is currently working with law enforcement authorities to pinpoint and stop the source.

According to PCWorld, the hackers broke into a database and stole personal information, including ages, mobile phone numbers and addresses, from an undetermined number of customers.
Most of the compromised information was entered through the McDonald’s Monopoly promotion.

Arc Worldwide, a McDonald’s business partner that develops and coordinates the distribution of promotional emails, contracted an email service provider - a standard business practice - to manage the email database. That contracted provider’s computer systems were recently accessed by the unauthorized third party.

McDonald’s promotions do not solicit sensitive information, such as credit card or Social Security numbers. 

Customers who are contacted by someone claiming to be from McDonald’s asking for personal or financial information should ignore the requests and immediately call 1-800-244-6227.

It is unknown how many customers were affected by the breach. In addition to working with law enforcement, McDonald’s is also investigating the security breakdown through Arc’s hired email service provider.

From the story:

"We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald's websites and promotions was obtained by an unauthorized third party," a McDonald's spokeswoman said.