In the past two days McDonald’s and Walgreens have reported independent security breaches relating to their e-mail marketing data. Elsewhere, Chipotle Mexican Grill claims a hacker was responsible for controversial messages posted to its Facebook page last week.
McDonald’s issued a statement Monday explaining that an e-mail service provider retained by its agency Arc Worldwide had its systems compromised by an unauthorized third party, potentially exposing customers’ e-mail information, names, addresses, phone numbers, birth dates, and genders.
Walgreens, meanwhile, said hackers gained access to a list of customers’ e-mail addresses, and may have sent spam encouraging them to input personal data into a false website. In an e-mail to customers, the company said prescription information and other personally identifiable data were not leaked, as that information is stored in a separate database. “We want to assure you that the only information that was obtained was your email address,” the message stated. A spokesperson for the company declined to disclose further details pending “investigation by the relevant authorities.”
McDonald’s would not reveal which e-mail database provider was responsible for its breach, but it said the data in question was collected during online promotions across a range of sites, including McDonalds.com, 365Black.com, McDonalds.ca, mcdonaldsmom.com, mcdlive.com, monopoly.com, playatmcd.com, and meencanta.com.
“The incident has resulted in an investigation by law enforcement authorities. Arc and McDonald’s are cooperating with the appropriate authorities as we work to protect our valued customers. We have attempted to notify all of our active subscribers, who voluntarily provided information in connection with the websites and promotions involved in this incident,” the company said in a statement. It too has sent communications to the customers it believes may be affected by the breach.
Elsewhere, Chipotle Mexican Grill yesterday claimed one of its employees had her Facebook account hacked following a controversial post that appeared on the restaurant’s page on the social media site last week. A post from the employee’s account read, “Soo I just ran over a white cat on my way home…oops!!! Not my fault!”
The post was removed, and the company issued a statement on its Facebook page yesterday reading, “The statement about the cat is completely false. Someone hacked into our employee’s account and posted that update without her knowledge. We at Chipotle respect all animals and would not joke about something like that. We are working with local authorities and hope for a quick resolution. We also ask that you be respectful as this is a difficult situation for our employee. We appreciate your patience.”
However, discussion surrounding the post continues to dominate the brand’s wall and discussion forums on the site, clearly demonstrating the risks associated with brands engaging in open social media forums.