McDonalds 2025 Data Breach

McDonald's Fast Food Chain Breach (Salesforce, 2025): 12 Million Customer Email & Home Address Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Scattered Lapsus$ HuntersFoodEmail AddressPhone NumberPhysical Address
Moderate SeverityWebsite / service breach

McDonald's Fast Food Chain Breach (Salesforce, 2025): 12 Million Customer Email & Home Address Records Exposed

Global fast food restaurant chain.

Verified by ObscureIQ Intelligence
44/100Breach Risk Index
10Data Value
40Market Recency
206dSince Breach

Breach Intelligence Summary

Entity: McDonalds · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Company · Fast food restaurant services · Franchise restaurant chain · Global
Timeline: Breach (2025-10-10) · Indexed (Oct 03, 2025) · Year (2025)
Exposure: 12.2M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Reported

Executive Summary

McDonald's customer data was exposed in a supply chain breach tied to the customer relationship management platform Salesforce. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of the stolen database on October 3, 2025, announcing that the full dataset would follow on October 10. McDonald's was one of approximately 39 organizations listed on the group's dark web leak site. Salesforce attributed the compromise to vulnerabilities in customer-side integrations rather than its core platform. The breach affected 12.2 million records. The exposed data includes full names, email addresses, home and alternate phone numbers, and complete mailing addresses. Loyalty contact numbers linked to McDonald's rewards accounts were also present in the sample. This combination of contact and account data creates multiple avenues for abuse. Affected customers face elevated risk of phishing attempts, loyalty point theft, order fraud, and account takeover. McDonald's high brand recognition makes it particularly easy for attackers to craft convincing impersonation scams targeting these individuals. McDonald's has not issued detailed public statements about the scope of its exposure or its specific response to this incident. No regulatory actions or breach notifications have been publicly confirmed. Affected customers should treat any unsolicited contact referencing McDonald's with suspicion, monitor their loyalty accounts for unauthorized activity, and be alert to phishing emails or texts that use their personal details to appear legitimate.

ObscureIQ assessment: Primary risks include phishing, loyalty abuse, order fraud, and account takeover. High brand familiarity makes impersonation scams especially effective.

Breach Impact

McDonald's was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025, with customer contact data including email addresses, phone numbers, and home addresses published as part of the campaign. The company has not made detailed public statements about its specific response to or scope of exposure in this campaign. Salesforce attributed the campaign to customer-side integration vulnerabilities rather than a compromise of its core platform.

About McDonalds

McDonald's is the world's largest fast food restaurant chain by revenue and locations, operating more than 40,000 restaurants in over 100 countries through a franchise-heavy model. The company is headquartered in Chicago and publicly traded on the NYSE. Its business spans company-operated restaurants, franchisee licensing, supply chain, and a growing digital and loyalty platform.

Why They Hold Your Data

Global restaurant chains collect customer account data, loyalty records, contact details, order history, payment-adjacent information, and delivery activity across digital ordering systems.

Recent Developments

McDonald's has been investing significantly in its digital ordering and loyalty program infrastructure, with the MyMcDonald's Rewards platform accumulating hundreds of millions of registered users globally. The company has navigated menu price sensitivity and consumer pushback over inflation-era pricing. In 2025 it faced simultaneous scrutiny from the Scattered LAPSUS$ Hunters Salesforce campaign and a separate claimed breach of its India operations by the Everest ransomware group.

Data Points Exposed

3 verified field types
Email Address
Phone Number
Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Scattered Lapsus$ Hunters

Scattered Lapsus$ Hunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the McDonalds breach?

McDonald's customer data was exposed in a supply chain breach tied to the customer relationship management platform Salesforce. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of the stolen database on October 3, 2025, announcing that the full…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation