Not lovin’ it: Cyberattack on McDonald’s Canada exposes personal data of 95,000 applicants

Not lovin’ it: Cyberattack on McDonald’s Canada exposes personal data of 95,000 applicants
A security breach in McDonald’s Canada’s career website, which contained personal info from thousands of job-seekers, prompted the fast food giant to halt online recruiting in the country, adding to the company’s recent issues with personal data handling.

The hack affected around 95,000 people who applied online for a job at McDonald’s Canada restaurants between March 2014 and March 2017, according to a statement published on Friday. 

“At this time, we have no information that the information taken has been misused,” the statement reads. “We apologize to those impacted by this incident.”

Exposed data was “limited” to the applicant’s name, address, email, phone number, and employment background, as the online application did not require “highly sensitive” personal information, such as social insurance numbers, health or banking information.

The hack prompted the fast food chain to shut down the online application website and launch an investigation. They have also promised to notify the affected applicants.
The company asked potential future applicants to use the proven old-school method and apply for a job in person until the security breach is fixed.

The hack was acknowledged about two weeks after a report emerged on personal data leaks through McDonald’s India app, McDelivery. A security research startup from Bengaluru called Fallible reported that the Indian delivery service app was leaking data of 2.2 million users in India, including customer name, email, phone number, home address, social profile links, and even accurate home co-ordinates.

McDelivery has reportedly acknowledged the leak. However, McDonald’s India said their website and app do not store any sensitive financial data of users “like credit card details, wallets passwords or bank account information.”