Hackers Strike Again at McDonald's, Losses Being Calculated 0 8

The McDonald’s chain has fallen victim to a hacker attack. The perpetrators obtained data from customers and employees in several countries, including the United States, South Korea, and Taiwan. The investigation revealed that the breach may have also affected Russia and South Africa, according to The Wall Street Journal.

In a communication to employees in the U.S., McDonald’s stated that as a result of the breach, hackers gained access to certain information about the business contacts of employees and franchisees in the U.S., as well as some information about the restaurants, such as seating capacity and playground area. The company claims that personal data of employees and customers were not compromised, and the information obtained by the hackers about employees was not confidential or personal.

According to McDonald’s, the hackers stole customer emails, phone numbers, and delivery addresses in South Korea and Taiwan. In Taiwan, the hackers also obtained information about employees, including names and contact details. The company asserts that the number of stolen files was small, without disclosing the number of affected individuals.

The divisions in South Korea and Taiwan notified regulatory authorities in Asia about the breach. The company advised employees and franchisees to be vigilant against phishing emails and to exercise caution when responding to information requests.

The damage to McDonald's from the hackers' actions ranges from direct financial losses (account hacks, data theft) to reputational risks. Major incidents include:

Data Breach (2025): An AI bot in McDonald's hiring system, due to the use of a primitive password (“123456”), leaked personal data of 64 million people to hackers.

Hack in India (2026): The hacker group Everest claimed responsibility for an attack that resulted in the acquisition of 861 GB of confidential information, including customer data.

Cryptocurrency Promotion (2024): Hackers compromised McDonald's Instagram account to promote a digital coin on the Solana blockchain, leading to a loss of $700,000 for users (reputational damage to the company).

App Hacks (2019–2025): There were instances where hackers accessed the app to order food worth thousands of dollars (e.g., $2,000), with the company often denying reimbursement and suggesting contacting the bank.

“White Hat” Hacker (2025): Security researcher (BobDaHacker) discovered vulnerabilities that allowed free food to be obtained and posted an image of Shrek in the internal system to draw attention to the issue.