South Korea's national data protection authority on Wednesday fined McDonald's 696 million won (approximately $532,110) after the personal data of millions of customers was leaked to hackers due to the company's lax data management.
The Personal Information Protection Commission imposed the fine on the Korean branch of the American fast food chain, along with a financial penalty of about 10 million won (about $7,660) for the data breach, involving more than 4.87 million customers, Seoul-based Yonhap News agency reported.
The commission, in its findings, declared that McDonald's Korea did not exercise "sufficient access control,” leaving a backup file containing the personal data of its restaurant and McDelivery customers accessible via protocols for file sharing.
As a result, it added, the personal information of over 4.87 million customers was hacked and leaked.
The global fast food chain was "also found to have not destroyed the personal data of 766,846 customers for whom the data retention period had expired, and belatedly notified authorities and customers of the data leakage."