Iconic fast-food chain McDonald’s Corp. has been struck by a data breach with information stolen in the U.S., South Korea and Taiwan.

The exact form of the data breach was not revealed. The Wall Street Journal reported Friday that the breach involved some business contact information of U.S. employees and franchisees along with information about restaurants such as seating capacity and square footage.

U.S. customer data was not stolen but data in South Korea and Taiwan was. In Taiwan, the hack also involved the theft of employee information, including names and contact details.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” McDonald’s said.

The burger chain said that the breach’s discovery came as a result of its “substantial investments” intoybersecurity measures. “These tools allowed us to quickly identify and contain recent unauthorized activity on our network,” a spokesperson told CNN Business. “A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”

If McDonald’s cybersecurity efforts were truly substantial, however, it wouldn’t be reporting a data breach. Claiming that discovering a data breach is representative of good cybersecurity is certainly an interesting spin. There’s no suggestion that ransomware was involved, but three different countries and different sorts of data stolen may suggest multiple attacks were involved.

“The recent cyberbreach at McDonald’s is another example showing that every organization is a software organization,” Jonathan Knudsen, technical evangelist at electronic design automation firm Synopsys Inc., told SiliconANGLE. “Fast food? Oil pipeline? Global shipping? Every organization in every industry depends on software for critical business functions.”

As a result, he added, every organization in every industry must embrace a proactive approach to cybersecurity. “Without a security mindset in all parts of the organization, the risk of disaster is high,” he said.

Kate Kuehn, senior vice president of application relationship management company vArmour Networks Inc., noted that the data breach is a stark reminder that all organizations need to assume they have already been breached and adopt a zero-trust model of defense.

“It’s not a question of if, but when, organizations will need to respond/contain an incident, and real-time visibility and application relationship management is critical to attempt success.” Kuehn said.

John McClurg, senior vice president and chief information security officer at intelligent security firm BlackBerry Ltd., said the McDonald’s breach also highlights the need for a “prevention-first” approach.

“As diverse industries from gaming to the supply chain to local transportation face an unparalleled rise in cyberattacks, which are incredibly costly and are damaging reputations amongst consumers, humans and technology must work hand-in-hand to stay one step ahead to secure and protect critical data for the long term,” McClurg said. “Implementing prevention-first AI-driven technology can enable organizations to stop data breaches and ransomware attacks before they execute.”

Photo: McDonalds Sweden