South Korea fines McDonald’s for data leak of customers
South Korea’s Personal Data Protection Commission has fined McDonald’s, British American Tobacco and Samsung for privacy violations.
McDonald’s was fined ₩596 million ($530,000) for storing backup files containing data of its McDelivery service on a server message block (SMB) volume that had sharing enabled. Hackers had gained access to the data of 4,876,106 users.
The Personal Data Protection Commission fined the Korean branch of the American fast food chain around 10 million won for the data breach.
In another incident, the data of 766,846 burger buyers that should have been destroyed after the expiry of the retention period also came to light, resulting in a fine of ₩ 10 million ($7,700).
The Burgermeister’s snafu was revealed along with news that British American Tobacco hadn’t taken sufficient measures to mask customers’ IP addresses. As a result, the company had to hand over information about 1,540 customers and pay a fine of 40 million euros.
Samsung Securities inadequately secured a web server, leaking data of 48,122 users. The data was viewable for a month and earned the chaebol a fine of ₩ 100 million.
The Commission also imposed fines on local providers iMarket, JK Club and Kara for passing on customer data.
The agency is also believed to have fined four entities for poor CCTV security, including a plastic surgery clinic that left the cameras running while its clients undressed in a changing room.
This is not the first time McDonald’s has been subjected to a cyber-attack. In 2021, this Fast-Food Giant experienced a data breach in which phone numbers, emails, and addresses of delivery customers in South Korea and USA were accessed.