The fast food mega chain McDonald’s is the latest company to have private data stolen by a third party, The Wall Street Journal reports. Unlike other recent attacks on CNA Financial and the Colonial Pipeline, McDonald’s claims it isn’t dealing with ransomware, but store information in the US was taken, along with some customer information in South Korea and Taiwan.
The breach comes on the heels of recent hacks on a number of major companies, including JBS, the world’s largest meat processor, and Colonial Pipeline, which supplies almost half of the fuel on the East Coast. However, unlike those breaches, the McDonald’s breach did not involve ransomware. The company has not yet identified the source of the attack.
“McDonald’s understands the importance of effective security measures to protect information, which is why we’ve made substantial investments to implement multiple security tools as part of our in-depth cybersecurity defense,” the company said in a statement, the WSJ reported. “These tools allowed us to quickly identify and contain recent unauthorized activity on our network.”
CISOs and other security experts had varying reactions to the attack. “In the minds of threat actors, everyone is fair game,” said Tom Garrubba, CISO of Shared Assessments. “The onslaught of breaches and other vicious cyberattacks are not letting up and therefore, we must be more diligent in ensuring we do not let our guard down.”
While many organizations have stressed over defending personally identifiable information of customers and employees, we’re now also seeing a large uptick in attacks on organizations that don’t appear to involve personal data, Garrubba said. Infrastructure and other confidential data are now becoming big targets.
Roger Hale, CSO of BigID, called the McDonald’s data breach very limited and said it was an exfiltration of customer delivery data and employee contact data. “These data types would not usually be kept in the same business systems, with the exception being unstructured data, which most security professionals will tell you is more difficult to protect as collaboration tools are designed specifically to ‘share’ data,” Hale said.
It is too soon to know whether this breach can be linked to the latest string of ransomware attacks, Hale said. “However, Russia, China and other nation-states benefit from any cyber disruption. CISOs and their technology partners need to acknowledge the greater likelihood of a ransomware-type attack not only from a business resiliency impact … but also from the data exfiltration/data breach impact.”
Hale added that it could be months before we see if the operational data from Colonial can be weaponized or quantified to further disrupt the energy industry. The first impact was the shutdown of the systems, but it is unclear if that data was exfiltrated and, if so, how it can be used in the future.
He said he would be “surprised if the U.S. and our allies are not already using offensive cyber tools to respond and deter nation state-sponsored cyber disruption.”
Keatron Evans, principal security researcher at Infosec, said that this latest breach “could be a sign that security is actually improving.” Evans explained that McDonald’s cited recent investments into cybersecurity as one of the reasons the company responded and reported the incident so quickly.
“Maybe the recent string of reported events is due to those large security budgets starting to render measurable results,” said Evans, who is also an instructor and speaker. “In our industry, we have evangelized spending on detection and response, and it seems as though that message may have resonated.”