McDonald's has disclosed that one of its customer databases was hacked but insists that no financial information was stolen in the breach.
The fast food chain reported yesterday that the hacker was able to grab e-mail addresses, mailing addresses, phone numbers, birthdates, and other customer information of people who signed up online for special promotions. In a statement e-mailed to CNET, the company said that no credit card numbers, Social Security numbers, or other sensitive financial data were compromised.
McDonald's said it was informed of the breach by one of its business partners, Arc Worldwide, which had collected customer information related to certain McDonald's Web sites and promotions. A database storing that information and maintained by a third-party database management provider was hit by the breach. McDonald's said that it is working with Arc and the third-party company to understand how security was bypassed and that it has been notifying customers affected about the breach via e-mail.
"The incident has resulted in an investigation by law enforcement authorities," McDonald's said in its statement. "Arc and McDonald's are cooperating with the appropriate authorities as we work to protect our valued customers. We have attempted to notify all of our active subscribers, who voluntarily provided information in connection with the websites and promotions involved in this incident."
Though no financial details apparently were stolen, the perpetrators do have e-mail addresses and other personal information. As a result, McDonald's is urging people who signed up for online promotions to be suspicious of anyone claiming to be from the company asking for personal or financial information by e-mail. Customers who receive such messages are advised to contact McDonald's directly.