[BreachExchange] McDonald's Canada reveals hack of careers website
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Mar 31 14:03:21 EDT 2017
http://www.cbc.ca/news/business/mcdonalds-canada-web-hack-1.4049757
The personal information of about 95,000 online job applicants was
compromised in a recent cyberattack on a McDonald's Canada careers website,
the restaurant chain said Friday.
The company said people affected are those who applied online for a job
between March 2014 and March 2017.
McDonald's said the compromised personal information included names,
addresses, email addresses, phone numbers, employment backgrounds and
"other standard application information."
"Importantly, our application forms do not request highly sensitive
personal information such as social insurance numbers, banking information
or health information," the company said.
"At this time, we have no information that the information taken has been
misused," the company said. "We apologize to those impacted by this
incident."
Company spokesperson Adam Grachnik said in email to CBC News that it
appears the breach occurred in mid-March.
"McDonald's Canada monitors its databases for any unauthorized access," he
said. "This monitoring identified unauthorized access to the database."
The company said the website was shut down immediately after it learned of
the breach. The site will remain down until an investigation is complete
and steps are taken to ensure a breach does not happen again, the company
said.
Affected job applicants will be notified by a letter in the mail,
McDonald's said, adding that if a mailing address wasn't provided on the
application the notification will come by email or telephone.
In the wake of the breach, the company is advising people interested in
applying for a job to do so in person at any of its outlets.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170331/d106701d/attachment.html>
More information about the BreachExchange
mailing list