If you gave personal information to McDonald’s in exchange for free McRib or a Shamrock Shake, you might be one of the customers whose information was exposed after a security breach involving an email marketing management firm.
McDonald’s released a statement explaining that information was obtained by an “unauthorized third party,” but added that financial information and social security numbers were not part of the data accidentally exposed:
“We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald’s websites and promotions was obtained by an unauthorized third party,” McDonald’s said in a statement. “Arc retained the services of an email database management firm whose computer systems were improperly accessed by a third party.”
Although the riskier data mentioned above is irrelevant to the breach (who would give up their SSN for cold fries and a rubbery burger?), other identifying demographic information as well as phone numbers, physical addresses and full, real names were exposed to the hackers . McDonald’s informed customers via email that their information had been compromised, and reminded those affected not to disclose any further information to people claiming to represent McDonald’s.