McDonalds Data Breach
McDonald's Fast Food Chain Breach (Salesforce, 2025): 12 Million Customer Email & Home Address Records Exposed
Global fast food restaurant chain.
Risk Interpretation
Primary risks include phishing, loyalty abuse, order fraud, and account takeover. High brand familiarity makes impersonation scams especially effective.
Impact & Downstream Threats
McDonald's was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025, with customer contact data including email addresses, phone numbers, and home addresses published as part of the campaign. The company has not made detailed public statements about its specific response to or scope of exposure in this campaign. Salesforce attributed the campaign to customer-side integration vulnerabilities rather than a compromise of its core platfo
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
McDonald's customer data was exposed in a supply chain breach tied to the customer relationship management platform Salesforce. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of the stolen database on October 3, 2025, announcing that the full dataset would follow on October 10. McDonald's was one of approximately 39 organizations listed on the group's dark web leak site. Salesforce attributed the compromise to vulnerabilities in customer-side integrations rather than its core platform. The breach affected 12.2 million records. The exposed data includes full names, email addresses, home and alternate phone numbers, and complete mailing addresses. Loyalty contact numbers linked to McDonald's rewards accounts were also present in the sample. This combination of contact and account data creates multiple avenues for abuse. Affected customers face elevated risk of phishing attempts, loyalty point theft, order fraud, and account takeover. McDonald's high brand recognition makes it particularly easy for attackers to craft convincing impersonation scams targeting these individuals. McDonald's has not issued detailed public statements about the scope of its exposure or its specific response to this incident. No regulatory actions or breach notifications have been publicly confirmed. Affected customers should treat any unsolicited contact referencing McDonald's with suspicion, monitor their loyalty accounts for unauthorized activity, and be alert to phishing emails or texts that use their personal details to appear legitimate.
About McDonalds
McDonald's is the world's largest fast food restaurant chain by revenue and locations, operating more than 40,000 restaurants in over 100 countries through a franchise-heavy model. The company is headquartered in Chicago and publicly traded on the NYSE. Its business spans company-operated restaurants, franchisee licensing, supply chain, and a growing digital and loyalty platform.
Why They Hold Your Data
Global restaurant chains collect customer account data, loyalty records, contact details, order history, payment-adjacent information, and delivery activity across digital ordering systems.
Recent Developments
McDonald's has been investing significantly in its digital ordering and loyalty program infrastructure, with the MyMcDonald's Rewards platform accumulating hundreds of millions of registered users globally. The company has navigated menu price sensitivity and consumer pushback over inflation-era pricing. In 2025 it faced simultaneous scrutiny from the Scattered LAPSUS$ Hunters Salesforce campaign and a separate claimed breach of its India operations by the Everest ransomware group.
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, phone_number, physical_address:home
Dark Web Verification
- Dataset containing ~12.2M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: mcdonalds-salesforce-2025
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of McDonalds
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam