McDonald’s faces 706 million won in fines over data violation

By Kuksung Nam, The Readable
Mar. 23, 2023 7:32PM GMT+9

The US burger giant’s South Korea operation has been fined 706 million won (roughly $551,000) for breaking the nation’s data privacy laws in its handling of South Korean users’ information.

The South Korean privacy regulator, the Personal Information Protection Commission (PIPC), held its fifth plenary session on Wednesday and decided to fine McDonald’s alongside five other companies over privacy violations. The US burger giant was given the biggest penalty among the six firms.

The PIPC said that McDonald’s had mishandled customers’ data and let attackers gain access to more than 4.8 million South Korean users’ data, which is almost 10 percent of the country’s population. The PIPC did not immediately respond to The Readable’s request for details about the information that has been affected.

The privacy regulator added in the statement that the burger chain failed to notify its customers about the breach and did not adequately inform regulators about the leakage within the required time. The South Korean privacy law states that companies must notify users and report data exposures to regulators within 24 hours after they have discovered the breach. Moreover, the PIPC discovered that the burger chain had stored 766,846 users’ personal information beyond their retention period.

This decision was one of the results of the privacy regulator’s investigation of the burger chain’s data breach in 2021. According to foreign news reports, McDonald’s revealed in June of 2021 that it had suffered a data breach which led to the exposure of personal information of customers, such as emails, phone numbers, and addresses, in South Korea and Taiwan. In the reports, the burger giant stated that no customer payment information was affected.

The Readable reached out to the McDonald’s South Korea operation, but the company did not immediately respond to the request for comment about the PIPC’s decision.

The cover image of this article was designed by Sangseon Kim.

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.