McDonald's India App Leaks Personal Data Of 2.2 Mn Customers, Company Denies Claims

First, it was Ashley Madison. Then it was Sony. Now it is McDonald’s India. According to media reports, US-based fast food restaurant chain, McDonald’s India app, McDelivery, has reportedly leaked the personal data of more than 2.2 Mn users.

Disputing this development, the official spokesperson of McDonald’s India (west & south) made an official statement: “We would like to inform our users that our website and app does not store any sensitive financial data of users like credit card details, wallets passwords or bank account information. The website and app has always been safe to use, and we update security measures on a regular basis. As a precautionary measure, we would also urge our users to update the McDelivery app on their devices. At McDonald’s India, we are committed to our users’ data privacy and protection.”

Statement from McDonalds India. pic.twitter.com/1tK5D1FACp

— McDonald’s India (@mcdonaldsindia) March 18, 2017

As per reports, user information like name, phone number, email addresses, home addresses, and social profile links have been leaked out. These reports further point to, Fallible, a Saas cyber security company, which had contacted McDelivery about the data leak on February 7, 2017. They received an acknowledgement from a senior IT manager at the firm. The company’s blog reported, “The McDonald’s fix is incomplete and the endpoint is still leaking data.”

In January 2014, company had started accepting online payments,by allowing customers to pay online while they place an order on the Mcdelivery site.

McDonald’s is not the first company to face a data breach in India. Earlier in 2015, companies like Times Internet’s Gaana.com, cab hailing app Ola and online restaurant search and discovery service startup Zomato have also faced this issue.

In May 2016, Inc42 reported that the personal data of about 1 Cr IRCTC users were leaked from the website’s server.

With demonetisation coming into play and an increase in cyber security crime in this decade, the Ministry of Electronics and Information Technology (MeitY) has came up with a set of guidelines for wallet firms. In March 2017, MeitY released new guidelines drafted by Information Technology (Security of Prepaid Payment Instruments) Rules 2017 for security of prepaid payment instruments, under the Information Technology Act 2000.

Cyber Security

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

McDonald’s India App Leaks Personal Data Of 2.2 Mn Customers, Company Denies Claims

Recommended Stories for You

Sequretek Secures $8 Mn Funding To Fuel Expansion In The US And Indian Markets

Why The Indian Financial Services Startups Need To Focus On Cybersecurity

Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt

GainBitcoin Scam: Cybersecurity Experts Behind Investigation Arrested For Stealing INR 20 Cr Crypto

Pegasus Row: What’s The Status Of India’s Investigation Into The Spyware?

Infosec Startup Scrut Automation Raises $3 Mn To Expand In US, EU And Asia Markets

Why Indian Online Gaming Platforms Must Invest In Always-on Cybersecurity

CDSL Fixes Vulnerability That Exposed Personal, Financial Data Of 4.39 Cr Investors

British Telecom Leads $33 Mn Investment In Indian Cyber Security Startup

Why Tech Companies Are Chasing Cybersecurity Experts

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy