In an interesting twist to the Walgreen Co. list hacking and phishing attack yesterday, it is noted the Mcdonalds has also recently issued a similar notice to its subscriber base. It is likely these attacks are directly related to the ongoing phishing attempts that large ESP’s have found themselves the target of.
It has been reported by SecLists today (and confirmed with EMailExpert via Mcdonalds) that McDonald’s is working with law enforcement authorities after malicious hackers broke into another company’s databases and stole information about an undetermined number of the fast food chain’s customers.
“We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald’s websites and promotions was obtained by an unauthorized third party,” a McDonald’s spokeswoman said via e-mail on Saturday.
It is possible and even likely that data includes full names, phone numbers, postal addresses and e-mail addresses. The notice posted by Mcdonalds is as follows:
Potential Access to Customer Data by Unauthorized Third Party
Dear Valued McDonald’s Customer,
Our records indicate you previously elected to submit information to McDonald’s in connection with one of our websites or promotions. We wanted to let you know there is a possibility that the limited information you provided to McDonald’s through its websites or promotions was improperly accessed by an unauthorized third party.
By way of background, McDonald’s asked Arc Worldwide, a long-time business partner, to develop and coordinate the distribution of promotional emails. Arc hired an email service provider, a standard business practice, to supervise and manage the email database. That email service provider has advised that its computer systems recently were accessed by an unauthorized third party, and that information, including information that you provided to McDonald’s, may have been accessed by that unauthorized third party. Law enforcement officials have been notified and are investigating this incident.
McDonald’s does not collect sensitive financial information, such as Social Security Numbers or credit card numbers on-line or through email. As such, the information improperly accessed did not include this type of information. Rather, the limited information you provided to McDonald’s included information required to confirm your age, a method to contact you (such as name, mobile phone number, and postal address and/or e-mail address), and other general preference information. In the event that you are contacted by someone claiming to be from McDonald’s asking for personal or financial information, do not respond and instead immediately contact us at the number below so we can contact the authorities. Please remember, McDonald’s would not ask for that type of information online or through email.
We apologize for any concern this incident may cause. Protecting our valued customers is very important to us. If you have any questions or concerns, rather than replying to this email, please contact us immediately at our toll-free number 1-800-244-6227.
McDonald’s Customer Satisfaction Team