Food for thought: McDonald’s is the next big corporation to fall victim to a major cyber-attack.
A McDonald’s Canadian unit said that 95,000 job applications were compromised from a cyber-attack that took place on the 31st March. It’s believed that the cyber-attackers retrieved information such as names, addresses, email addresses, phone numbers, and employment backgrounds from a careers website.
The users affected by the hack are said to be candidates who applied for jobs at one of Canadian branches between March 2014 and March 2017.
McDonald’s has reportedly taken measures to rectify the issue by closing the careers website after they heard about the cyber-attack.
They noted that it’ll remain closed until an ongoing investigation is complete.
Although they’ve attempted to take measures to rectify the breach, 95,000 victims is a colossal amount.
McDonald’s provides reassurances that they don’t believe the information taken had been misused; but how can they be so sure? Companies often play-down the adverse effects following from a breach and continue to provide reassurance by saying that sensitive personal information didn’t form a part of the leak, as they don’t ask such information from applicants.
But a leak has still happened.
The assumption that the information hasn’t been misused is wrong in our view
This assumption is supported by Ira Nishisato, a national leader of cybersecurity and cyber risk-management at Borden Ladner Gervais in Canada. Ira says that, from his experience, it’s usually not known how the personal data is used on the outset of the data breach:
“…you’re aware certain information may have been compromised but you’re typically not aware of the full extent of the breach or of what use that information may have been put to.”
It’s a tip of the iceberg scenario.
As with health records, there’s a market for personal information on the so-called “dark web”. With the sheer number of personal information breached, cyber-attackers can make a profitable sum by selling it on the black market. Ira notes that the selling off of such information can lead to identity theft and all other kinds of illegal activity.
Although McDonald’s is providing reassurances that the personal information of 95,000 applicants weren’t misused, it’ll clearly take time for the personal information to be sold or used in a way contrary to the wishes of the data owner. With stolen information, it’s never normally the case of if, but rather when.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.