95,000 McDonald's Applicants Personal Information Hacked

Food for thought: McDonald’s is the next big corporation to fall victim to a major cyber-attack.

A McDonald’s Canadian unit said that 95,000 job applications were compromised from a cyber-attack that took place on the 31^st March. It’s believed that the cyber-attackers retrieved information such as names, addresses, email addresses, phone numbers, and employment backgrounds from a careers website.

The users affected by the hack are said to be candidates who applied for jobs at one of Canadian branches between March 2014 and March 2017.

McDonald’s response

McDonald’s has reportedly taken measures to rectify the issue by closing the careers website after they heard about the cyber-attack.

They noted that it’ll remain closed until an ongoing investigation is complete.

Although they’ve attempted to take measures to rectify the breach, 95,000 victims is a colossal amount.

McDonald’s provides reassurances that they don’t believe the information taken had been misused; but how can they be so sure? Companies often play-down the adverse effects following from a breach and continue to provide reassurance by saying that sensitive personal information didn’t form a part of the leak, as they don’t ask such information from applicants.

But a leak has still happened.

The assumption that the information hasn’t been misused is wrong in our view

This assumption is supported by Ira Nishisato, a national leader of cybersecurity and cyber risk-management at Borden Ladner Gervais in Canada. Ira says that, from his experience, it’s usually not known how the personal data is used on the outset of the data breach:

“…you’re aware certain information may have been compromised but you’re typically not aware of the full extent of the breach or of what use that information may have been put to.”

It’s a tip of the iceberg scenario.

As with health records, there’s a market for personal information on the so-called “dark web”. With the sheer number of personal information breached, cyber-attackers can make a profitable sum by selling it on the black market. Ira notes that the selling off of such information can lead to identity theft and all other kinds of illegal activity.

Although McDonald’s is providing reassurances that the personal information of 95,000 applicants weren’t misused, it’ll clearly take time for the personal information to be sold or used in a way contrary to the wishes of the data owner. With stolen information, it’s never normally the case of if, but rather when.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.