By: Leonardo Neri
McDonald's, the world's largest fast food chain, has alleged that Brazilian customer data was accessed improperly following a security incident reported in the media. The company's representative in Brazil reiterated that no 'sensitive data' of consumers from its franchise chains was exposed, and that it cooperated in every possible way with regulatory agencies in the investigation, such as the National Data Protection Authority (ANPD).
The data leak would have initially occurred after emails were allegedly sent on behalf of the company to its customers, who would have been harmed by the leak of their personal information.
However, the representative of the multinational repudiated that such fact would demonstrate the brand's negligence in relation to data protection compliance procedures, in accordance with Brazilian legislation, and declared that there will be no criminal action of any kind, but promised to further reinforce digital protection measures, opening Customer Service (SAC) channels for violated consumers, in order to resolve any doubts arising from the incident.
After the theft, the company continued to say in a note that consumers should be careful and not open 'strange' emails with inappropriate requests made on behalf of Arcos Dourados.
The American company made the following emails available for contact: sac@sacmcdonalds.com.br and privacy.lgpd@br-mcd.com
This is yet another case that demonstrates that it is practically impossible to avoid a security incident, but that organizations must be very well prepared to act with the rapid detection of attacks through crisis committees, as well as having an emergency action plan in place in these cases, aiming to stop any losses to data holders and correct any systemic or communication failures.
With the collaboration of Pedro Sobolewski.