Compromised data was in computer system of database management firm hired by a marketing business partner of the fast-food company.
Elinor MillsFormer Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
McDonald's is warning customers who signed up for promotions or registered at any of its online sites that their e-mail address has been compromised by an unauthorized third party.
The customer name, postal address, phone number, birth date, gender, and information about promotional preferences may also have been exposed, the company said in an FAQ on its Web site. Social Security numbers were not included in the database, the company said.
The data was managed by an e-mail database management firm hired by Arc Worldwide, a "longtime business partner" of McDonald's, according to a recorded message on the company's toll-free number. The unnamed database management firm's computer systems were improperly accessed by a third party, McDonald's said.
McDonald's did not disclose the number of records involved or when the breach happened. McDonald's representatives did not immediately return a call seeking comment this morning.
"This incident has nothing to do with credit card use at the restaurants," the FAQ says. "The database that was accessed by the unauthorized third party did not contain any credit card information or any other financial information. Further, the information in the database was not gathered from our restaurant registers, but from voluntary subscriptions to our websites or promotions."
McDonald's is informing customers by sending e-mails to people who subscribed on the sites and has notified law enforcement authorities. The company advised customers to be wary of anyone calling them reporting to be from McDonald's and to report it to the company if that happens.