Major cyberattacks seem a dime a dozen these days, especially with businesses that might not seem like possible targets. For example, McDonald’s restaurants recently suffered a data breach. Let’s take a look at the situation, how it played out, and what we can learn from it.
McDonald’s Corp made the announcement that their data had been stolen by hackers following a breach of their systems in South Korea, Taiwan, and the United States. The company identified that unauthorized activity had been found on their internal infrastructure and cut off after a week. They hired consultants to investigate the issue and found that their data had been stolen by the intruders.
Employees in the United States were informed that the breach involved contact information for franchises and employees, as well as the infrastructural data from its locations. It’s fortunate that no sensitive data regarding employees or customers was stolen. Despite this, however, McDonald’s is urging its employees to stay alert for phishing emails targeting them.
For the Asian markets, stolen data included customer emails, phone numbers, and delivery addresses. Regulators have been informed, and the company has also reached out to employees in South Africa and Russia to check whether or not there were breaches in those locations.
Here’s a sigh of relief; this breach is one of the few in recent headlines that didn’t utilize ransomware. That said, there is a trend in recent attacks using ransomware to further their goals. Two of the largest attacks in recent memory, the Colonial Pipeline, and JBS hacks, were all thanks to ransomware. Other recent hacks also exposed sensitive information; for example, Volkswagen recently suffered an attack in which data for prospective buyers and existing customers was stolen. All in all, there is some consistency to these attacks growing bold enough to target larger organizations.
With the advent of the double-extortion ransomware attack, in which data is encrypted, stolen, and potentially released on the Internet, it is clear that cyberattacks are only growing stronger and more dangerous as time goes on. These infections are typically spread through the use of phishing campaigns, so it is critical that you not only protect your business with security solutions, but also by educating yourself and your team members on how to appropriately approach these types of attacks.
We recommend that your organization’s employees be trained on how to identify potential threats, how to respond to them, and what to do in the event that they do get tricked into falling for the phishing threat. R&L IT & Telecom Consultants can help you work towards this goal of training your employees to act according to established network security standards. To learn more about how we can help your business, reach out to us at (718) 685-2959.