McDonald's cyberattack exposes data in the US and South Korea

The security breach reportedly wasn't the result of a ransomware attack.

Ty Pendlebury Editor
Ty Pendlebury has worked at CNET since 2006. He lives in New York City where he writes about streaming and home audio.
Expertise Ty has worked for radio, print, and online publications, and has been writing about home entertainment since 2004. He is an avid record collector and streaming music enthusiast. Credentials
  • Ty was nominated for Best New Journalist at the Australian IT Journalism awards, but he has only ever won one thing. As a youth, he was awarded a free session for the photography studio at a local supermarket.
Ty Pendlebury
2 min read

McDonald's has been the victim of a cyberattack that exposed data in the US, Taiwan and South Korea.

The fast food chain on Friday told the Wall Street Journal that it had hired external consultants to investigate an internal security breach that exposed some business information for US employees, and some information about restaurants. No US customer data was breached, McDonald's said, and employee data that was exposed wasn't sensitive or personal.

"While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data," McDonald's said in a statement.

However, McDonald's said that only in Korea and Taiwan were customers' personal data accessed, and the company would be taking steps to notify regulators and the customers concerned. The hackers also reportedly stole some employee names and contact information in Taiwan.

The company hasn't yet identified the source of the attack but reportedly said it wasn't a ransomware exploit. 

The McDonald's breach is the latest in a string of high-profile cybersecurity incidents. Last month, Colonial Pipeline was hit by a ransomware attack that shut down operations and led to some people on the East Coast panic-buying gasoline. JBS, one of the largest meat producers in the US, was also forced to shut down some plants last month due to a cyberattack, prompting concerns about possible meat shortages. On Wednesday the company said it paid $11 million to the criminals responsible to get its plants back online.