McDonald’s Korea fined $540k over data breach
The leak was said to be due to lax management.
McDonald’s Korea was fined by the Personal Information Protection Commission after hackers managed to steal the personal data of 4.87 million customers due to the company’s lax management practices, local news agency Yonhap reported.
According to the findings of the commission, the Korean branch of the American fast-food chain did not perform sufficient access control, leaving a backup file containing the personal data of its restaurant and McDelivery customers accessible via protocols for file sharing.
McDonald’s Korea also failed to destroy the personal data of 766,895 customers for whom the data retention period had expired and was late to notify authorities of the data leak.