Cybersecurity News that Matters

Cybersecurity News that Matters

McDonald’s faces 706 million won in fines over data violation

by Kuksung Nam

Mar. 23, 2023
7:32 PM GMT+9

The US burger giant’s South Korea operation has been fined 706 million won (roughly $551,000) for breaking the nation’s data privacy laws for its treatment of South Korean users’ information.

The South Korean privacy regulator, the Personal Information Protection Commission (PIPC), held its fifth plenary session on Wednesday and decided to fine McDonald’s alongside five other companies over privacy violations. The US burger giant was given the biggest penalty among the six firms.

The PIPC said that McDonald’s had mishandled customers’ data and let attackers gain access to more than 4.8 million South Korean users’ data, which is almost 10 percent of the country’s population. The PIPC did not immediately respond to The Readable’s request for details about the information that has been affected.

The privacy regulator added in the statement that the burger chain failed to notify its customers about the breach and did not adequately inform regulators about the leakage with in the required time. The South Korean privacy law states that companies must notify users and report data exposures to regulators within 24 hours after they have discovered the breach. Moreover, the PIPC discovered that the burger chain had stored 766,846 users’ personal information beyond their retention period.

This decision was one of the results of the privacy regulators’ investigation of the burger chain’s data breach in 2021. According to foreign news reports, McDonald’s revealed in June of 2021 that they had suffered from a data breach which led to the exposure of personal information of customers, such as emails, phone numbers, and addresses, in South Korea and Taiwan. In the reports, the burger giant stated that no customer payment information was affected.

The Readable reached out to the McDonald’s South Korea operation, but the company did not immediately respond to the request for comment about the PIPC’s decision.


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Kuksung Nam
    : Author

    Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights