McDonald's and Walgreens have both announced the compromise of their customer email databases and in McDonald's case the leak might involve much more information than just email addresses.The breach at Walgreens was discovered sometime last week and the company, which operates the largest drugstore chain in the United States, alerted affected customers via email on Friday.
The company didn't go into details about how its newsletter was compromised or how many email addresses were exposed.
However, it did warn that some customers have already been targeted in phishing attacks that mimicked official communications from a different company.
Another troubling aspect of this leak is that even customers who previously unsubscribed from the newsletter were affected. Apparently, their email addresses were kept in the system despite no longer receiving messages.
The McDonald's data breach occurred at a third party company contracted to handle the sending of promotional emails to customers.
"
The information contained in the database is limited to your email address and potentially also your name, postal address, home or cell phone number, birth date, gender, and certain information about your promotional preferences or web information interests," the company
wrote in a FAQ about the incident.
All of this "limited" data was provided by users when they signed up for online promotions on one of the company's websites. No Social Security numbers or credit card details were compromised.
The news comes after yesterday, deviantART
informed its users that their email addresses were compromised after the servers of its marketing partner were compromised.
These incidents raise very serious questions about users entrusting companies with their data based on reputation, which then share it with third party partners, whose computer infrastructure might not be as secure.
Find us on Google+
