There has been no data leak says McDonald's India
In a statement issued by McDonald's India (South and West), the firm vehemently denied that there was any data leak. They also mentioned that they do not store any of the sensitive financial data of their consumers like bank account information or card details and have a strong security measure in place to ward off any attacks.
2.2 million users vulnerable in McDonald's app data leak
According to a statement of cyber security firm Fallible, McDonald's India app McDelivery which is run by Westlife development, has leaked information of more than 2.2 million users residing in the Western and southern region of the country. This information can be used by hackers to access financial details like debit/credit card information and online transactions.
So what's out of the bag?
According to the firm, this leak has given the hackers access to "name, email address, phone number, home address, accurate home co-ordinates, and social profile links". The firm further stated that they had approached the management on 4th Feb and got an acknowledgement on 13th Feb but when they checked on 18th March, it was still leaking data.
Standing out like a sore thumb
The official spokesperson for McDonald's India (West & South) in his statement, promised that their security protocol was not breached and their app was working fine. They, however, asked their users to update their apps on their devices in what they termed as a "precautionary measure"
Biggest breach of financial data in India
Around 3.2 million cards of banks were hit by a data-attack. SBI, HDFC, ICICI and Yes Bank were the worst hit when a malware attack affected Hitachi Payment Services which provides ATMs, PoS etc. This leak allowed fraudsters to tap the information and siphon-off funds.
Poor line of defence
Accenture Security Index was released after a detailed survey was conducted analyzing 2,000 top firms with annual revenues of $1 billion. It showed that all major firms will fail miserably, if there was a proper cyber attack. The report said that only 34% of the firms, which means only one out of three firms had adequate measures to monitor for threats
