McDonald’s says customer data exposed in security breach

If you gave personal information to McDonald’s in exchange for free McRib or a Shamrock Shake, you might be one of the customers whose information was exposed after a security breach involving an email marketing management firm.

McDonald’s released a statement explaining that information was obtained by an “unauthorized third party,” but added that financial information and social security numbers were not part of the data accidentally exposed:

“We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald’s websites and promotions was obtained by an unauthorized third party,” McDonald’s said in a statement. “Arc retained the services of an email database management firm whose computer systems were improperly accessed by a third party.”

Although the riskier data mentioned above is irrelevant to the breach (who would give up their SSN for cold fries and a rubbery burger?), other identifying demographic information as well as phone numbers, physical addresses and full, real names were exposed to the hackers. McDonald’s informed customers via email that their information had been compromised, and reminded those affected not to disclose any further information to people claiming to represent McDonald’s.