Cyber Attack on McDonald’s Canada Leads to Exposure of 95,000 Job Applicant’s Personal Information

Media Division | March 31, 2017

The McDonald’s Canada career website has suffered an extensive data breach. Those who applied online for a job at the fast food chain within the past few years may have had their personal information exposed by a recent cyber attack.  The breach affects individuals that had applied online between March 2014 and March 2017.

It appears that the breach had been discovered around the same time that it had happened, which was mid-March 2017.  It is being reported that the information affected includes names, addresses, phone numbers, email addresses, employment background, and “other standard employment information.”  Fortunately, the application forms do not ask for any sensitive personal data such as social insurance numbers, health information, or banking information.  McDonald’s took immediate action to remedy and handle the breach, and said in an official statement, “When we learned of this privacy breach we immediately shut down the site and launched an investigation.  The careers web page will remain shut down until the investigation is complete and appropriate measures are taken to ensure that this type of security breach does not happen again.”

How McDonald’s is Handling the Breach

McDonald’s has said that they will be notifying everyone that was affected by the breach either by phone, mail, or email.  They have also stated that they are not aware of any misuse of the compromised information at this time.  A dedicated assistance line has been set up for impacted applicants to call and ask questions in regard to the incident.  It appears that the fast food giant is taking the appropriate steps to address the breach.  Wrongly handling a data breach can lead to many further consequences for the organization and those affected, so it is excellent that they are taking proper mitigation and reparation steps.

The personal data that is contained on job applications can be a large target for cyber attackers, as it can be used for a wide range of malicious purposes. Large data dumps of personal information are often sold among black markets running in the deep web.  There was another recent cyber attack upon the Joblink database, which is run by the Kansas-based company, American Joblink Alliance.  This is a system widely used by employers and unemployed workers all around the country, and around 10 states were affected by this attack. There have been reports that more than 4.8 million people nationwide may have had their personal information jeopardized in this breach. Unfortunately, social security numbers may have been compromised as well, which can be used for identity theft or fraud.

How Cyber Security Monitoring Can Protect an Organization

There are a variety of different vectors that threats and attackers will use to breach organizations.  It is vital that an organization have the consistent awareness of their network and systems, which is where cyber security monitoring can be an extremely valuable tool.  It allows for IT professionals or a dedicated analyst to constantly know the state of their networks or systems, and as well as be alerted in regard to any anomalies or indicators.  They are then able to immediately follow up with these alerts and address them if necessary.  Cyber security monitoring can help to quickly stop a breach in its tracks, as the staff will be immediately alerted to its presence.  Massive Alliance’s dedicated cyber security monitoring services can help to fortify your organization from attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.