Mitch Lipka reports:
McDonald’s is warning its customers of the theft of a database of customers who signed up for promotions, such as its Monopoly game. The data breach makes them vulnerable to phishing attacks and other scams and identity theft.
McDonald’s stressed that its records don’t include financial information or Social Security Numbers. But it would include customers’ ages, phone numbers, email addresses and physical addresses.
Read more on Wallet Pop.
McDonald’s statement says, in part:
Our records indicate you previously elected to submit information to McDonald’s in connection with one of our websites or promotions. We wanted to let you know there is a possibility that the limited information you provided to McDonald’s through its websites or promotions was improperly accessed by an unauthorized third party.
By way of background, McDonald’s asked Arc Worldwide, a long-time business partner, to develop and coordinate the distribution of promotional emails. Arc hired an email service provider, a standard business practice, to supervise and manage the email database. That email service provider has advised that its computer systems recently were accessed by an unauthorized third party, and that information, including information that you provided to McDonald’s, may have been accessed by that unauthorized third party. Law enforcement officials have been notified and are investigating this incident.
McDonald’s has also created an FAQ about the breach.