An undisclosed group of hackers successfully breached into the database and servers of the $106 billion fast food chain McDonald’s. Representatives of McDonald’s Canada admitted to the theft of three years worth of applicant data.
In a statement, McDonald’s Canada further revealed that personal information of 95,000 applications were stolen from the local servers of the company. A wide range of sensitive data was compromised, including names, addresses, phone numbers, employment histories and more.
According to a McDonald’s Canada spokesperson, financial data of applicants was not listed and stored in the database which was breached into by hackers. However, the firm stated that as of now, it is unable to provide any further information in regard to motive of the hacking attack.
“At this time, we have no information that the information taken has been misused. We apologize to those impacted by this incident,” McDonald’s Canada said in a statement.
Cybersecurity analysts including Ira Nishisato, partner of the Toronto-based law firm Borden Ladner Gervais LLP, noted that the likelihood of stolen applicant information being auctioned off on the Dark Web is relatively high. Nishisato explained that hackers often target databases and servers of large scale corporations and sell personal information on the Dark Web for digital currencies like bitcoin and Monero.
He warned McDonald’s Canada against potential misuse of information and the possibility of the data theft leading to various crimes such as identity theft.
“When large scale data breaches occur you have a tip of the iceberg phenomenon. You’re aware certain information may have been compromised but you’re typically not aware of the full extent of the breach or of what use that information may have been put to.Hackers who are able to penetrate systems through data breaches will resell personal information for considerable amounts of money. That can lead to identity theft and other illegal activity,,” Nishisato said.
More importantly, Nishisato emphasized the importance of implementing necessary security measures to ensure local servers and databases remain immutable. As he noted, it is inevitable for centralized databases to suffer from hacking attacks and breaches. In fact, Nishisato explained that it is just a matter of time before a database could be hacked.
“When it comes to a data breach, it’s not an if it’s a when. It’s fair to say you can never be 100 per cent cyber-secure. But there is a great deal you can do you limit your exposure and liability from a legal perspective,” he explained.
Unless a database is decentralized in nature, it is not possible for it to become completely immutable and unbreachable. However, several major companies including IBM use a technology called safeguards to protect local databases from potential hacking attempts.
The implementation of safeguards enables a database or a blockchain platform to automatically detect external hacking or DDoS attacks. Upon the discovery of a severe attack, safeguards shut down the entire database, eliminating the possibility of data theft.
Although technologies like safeguards are normally utilized by blockchain service providers, they can be implemented onto conventional database platforms. For the interests of consumers, employees and stakeholders, it is important for corporations including McDonald’s to practice appropriate security methods to protect their data.
In the foreseeable future, a section of the McDonald’s Canada webpage and database will be shut down and disabled for use. Currently, the company is working with cybersecurity firms to analyze the hacking attack and build appropriate security measures to prevent such attacks in the future.
“The careers webpage will remain shut down until the investigation is complete and appropriate measures are taken to ensure that this type of security breach does not happen again,” McDonald’s said.