Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Jake Kouns (jkounsopensecurityfoundation.org)
Date: Sat Dec 11 2010 - 11:27:09 CST
McDonald's is working with law enforcement authorities after malicious
hackers broke into another company's databases and stole information
about an undetermined number of the fast food chain's customers.
"We have been informed by one of our long-time business partners, Arc
Worldwide, that limited customer information collected in connection
with certain McDonald's websites and promotions was obtained by an
unauthorized third party," a McDonald's spokeswoman said via e-mail on
McDonald's hired Arc to develop and coordinate the distribution of
promotional e-mail messages, and Arc in turn relied on an unidentified
e-mail company to manage the customer information database. This
e-mail company's systems were hacked into.
The data, which customers had provided voluntarily, doesn't include
Social Security Numbers, credit card numbers, nor any sensitive
financial information, she said.
"Rather, the limited information includes what was required to confirm
the customer's age, methods to contact the customer, and other general
preference information," the spokeswoman added.
This means that customer data likely includes full names, phone
numbers, postal addresses and e-mail addresses. The spokeswoman didn't
say what information was required for age confirmation, so it's not
clear if customers simply checked a box saying they were adults or if
they had to provide their date of birth.
"In the event that you are contacted by someone claiming to be from
McDonald's asking for personal or financial information, do not
respond and instead immediately contact us," reads the McDonald's note
to customers. The number to call is 1-800-244-6227.
In addition to working with law enforcement agencies, McDonald's is
probing the security breakdown at the company hired by Arc, which is
the marketing services division of ad agency Leo Burnett. Arc's
specialities include digital communications, direct marketing,
promotions and shopper marketing, according to its website.
The spokeswoman didn't say how many people are potentially affected
and in what countries, besides the U.S. She also didn't say when the
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works