Potential Access to Customer Data by Unauthorized Third Party

Dear Valued McDonald’s Customer,

Recently McDonald’s was informed by one of its partners that limited customer information collected in connection with our promotions or websites was improperly accessed by a third party. Limited customer information such as name, address, phone number, birth date and gender was included in the information that was accessed. It is important to note that this incident has nothing to do with credit card use at the restaurants. The database did not contain any credit card information or any other financial information.

By way of background, McDonald’s asked Arc Worldwide, a long-time business partner, to develop and coordinate the distribution of promotional emails. Arc hired an email service provider, a standard business practice, to supervise and manage the email database. That email service provider has advised that its computer systems recently were accessed by an unauthorized third party, and that information, including information that customers provided to McDonald’s, was accessed by that unauthorized third party. Law enforcement officials have been notified and are investigating this incident.

McDonald’s does not collect sensitive financial information, such as Social Security Numbers or credit card numbers on-line or through email. As such, the information improperly accessed did not include this type of information. Rather, the limited information provided to McDonald’s included information required to confirm age, a method to contact our customers (such as name, mobile phone number, and postal address and/or e-mail address), and other general preference information.

In the event that you are contacted by someone claiming to be from McDonald’s asking for personal or financial information, do not respond and instead immediately contact us at the number below so we can contact the authorities. Please remember, McDonald’s would not ask for that type of information online or through email.

We apologize for any concern this incident may cause. Protecting our valued customers is very important to us. If you have any questions or concerns, please contact us immediately at our toll-free number 1-800-244-6227.

Sincerely,

McDonald’s Customer Satisfaction Team

How was a third party able to improperly access McDonald’s customer data?

Unfortunately, a third party was able to defeat the security measures put in place by the email database management firm to protect the information you provided to us. Law enforcement authorities have been notified and are investigating the matter.

What information was contained in McDonald’s customer database that was improperly accessed?

The information contained in the database is limited to your email address and potentially also your name, postal address, home or cell phone number, birth date, gender, and certain information about your promotional preferences or web information interests. This is information you provided when you signed up or subscribed. The database did not contain Social Security Numbers, credit card numbers or any sensitive financial information, since McDonald’s did not collect this information.

Did the database include my Social Security Number?

No. The database did not contain Social Security Numbers, credit card numbers or any sensitive financial information, since McDonald’s did not collect this information. If you are contacted by any person claiming to be from McDonald’s asking for your sensitive financial information in connection with a promotion or otherwise, do not provide it. Instead, please call 800-244-6227 and let us know so we can contact the authorities.

I have used my credit card before at McDonald’s to pay for a purchase. Does that mean that McDonald’s has my credit card information in its database?

Absolutely not. This incident has nothing to do with credit card use at the restaurants. The database that was accessed by the unauthorized third party did not contain any credit card information or any other financial information. Further, the information in the database was not gathered from our restaurant registers, but from voluntary subscriptions to our websites or promotions.

How did McDonald’s get my information in a database?

You chose to submit information or subscribe to McDonald’s during an online promotion or through one of McDonald’s websites at McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, or meencanta.com.

Does this mean that I am the victim of identity theft?

No. The information in the database, without more, should not allow someone to commit identity theft.

Is an investigation being conducted?

Yes. McDonald’s takes this matter very seriously. Law enforcement authorities have been contacted and are investigating the matter.

I applied for a job online, does that mean my information has been improperly accessed? OR I submitted an e-mail complaint through an online form on mcdonalds.com, does that mean that my information has been improperly accessed?

No. This issue is specifically related to the database when you elected to submit information or subscribe to McDonald’s during an online promotion or through one of McDonald’s websites such as those at McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, or meencanta.com

How do I know if my information was affected by this incident?

McDonald’s attempted to send an e-mail to each active subscriber that was contained in the database. McDonald’s used the email address it had to try to reach you. McDonald’s customer database only contains the limited information you provided at the time you signed up.

I don’t want to be part of this database anymore. How do I remove myself and information?

You may visit McDonalds.com at any time to “unsubscribe.” The area or link to unsubscribe is located at the bottom of the home page at McDonalds.com.

What is McDonald’s doing to help me?

McDonald’s is cooperating with law enforcement authorities. McDonald’s takes the protection of its customers very seriously. Upon learning of this incident, we acted quickly to notify you, so that you would be prepared in case someone pretended to be from McDonald’s to solicit financial information.

What should I do if I get an email from McDonald’s that appears suspicious or asks me for personal information?

If you are contacted by email or otherwise by someone claiming to be from McDonald’s asking for your sensitive financial information, do not provide it. McDonald’s does not ask for that type of information on-line or by email. Instead, please call us at 800-244-6227 and let us know so we can contact the authorities.

What should I do now that someone else has my information

The information in the database alone, would not allow someone to engage in identity theft. The information involved did not include social security numbers, credit card numbers or any other sensitive financial information. If you are contacted by any person claiming to be from McDonald’s asking for your sensitive financial information in connection with a promotion, do not provide it. Instead, please call 800-244-6227 and let us know so we can contact the authorities.

Newsroom

Press Releases
Electronic Press Kits
McDonald's Statements & Alerts
Statement on Surcharge Photo Hoax
Response to Chicken McNuggets Photo Hoax
Statement on Dr. Mann Situation
Discontinued Use of Select Lean Beef Trimmings (SLBT)
Statement on Sparboe Allegations
Response to New York Assault
Regarding the Baltimore Assault
Ronald McDonald is Here to Stay
Response to Chicken McNugget Rumors
Response to CSPI Lawsuit
Response to Happy Meal Food Experiment
Response to PCRM/Morgue Ad
Response to WSJ Healthcare Article
Ready Pac Precautionary Voluntary Recall on Apples
Potential Access to Customer Data by Unauthorized Third Party
Reese's® Peanut Butter Cups® McFlurry® Ingredient Notice
Image & Video Library
Social Media Around the World
Meet the @McDonaldsCorp Twitter Team
Press Contacts
FAQ Library

McDonalds.com |

Global Sites |