McDonald's Canada careers website hack compromises 95,000 job seekers' personal data

McDonald's Canada said on Friday (31 March) that its career website was recently hacked, compromising the personal data of around 95,000 restaurant job applicants.

The accessed information included names, addresses, email addresses, phone numbers, employment background and other standard job application information of people who applied online for a job at McDonald's Canada restaurants between March 2014 and March 2017.

The fast-food company noted that the site does not collect social insurance numbers, banking information or health information. The breach seemed to have occurred in mid-March this year, McDonald's said.

"McDonald's Canada monitors its databases for any unauthorized access," the company said in a statement. "This monitoring identified unauthorized access to the database.

"When we learned of this privacy breach we immediately shut down the site and launched an investigation. The careers website will remain shut until the investigation is complete and appropriate measures are taken to ensure that this type of security breach does not happen again.

"We apologize to those impacted by this incident."

The firm said they also "took steps to quarantine the affected database" to prevent further exposure and notified privacy commissioners in every jurisdiction about the security breach.

However, McDonald's Canada said there is currently no evidence that the information taken has been misused. Applicants affected by the breach will be notified soon. Meanwhile, anyone interested in applying for a job can do so in person at any of its Canadian restaurants, the company said.

The popular fast food giant currently has over 1,400 restaurants in Canada and more than 80,000 Canadian employees.

In March, McDonald's India urged users to update the McDelivery app on their devices as a precautionary measure after an independent security firm warned that it was leaking personal data of more than 2.2 million users including names, email addresses, phone numbers, home addresses, home co-ordinates and social profile links.

The same month, McDonald's said one of its official Twitter feeds was "hacked by an external source" when it sent out a tweet trolling President Donald Trump.

"@realDonaldTrump You are actually a disgusting excuse of a President and we would love to have @BarackObama back, also you have tiny hands," the tweet read before it was swiftly deleted.

"Twitter notified us that our account was compromised," the company said later. "We deleted the tweet, secured our account and are now investigating this."