McDonald’s India urged users to update online ordering app McDelivery on their devices as a precaution, amid reports that the existing app may have exposed users’ personal data.
The firm, which denied that there had been any data breach, asserted that the company’s app was safe.
On Saturday, cybersecurity start-up Fallible said that McDonald’s India delivery app was a subject of security vulnerability and personal data of users had been leaked.
In a blogpost, Fallible said leaked data included, in some cases, names, email addresses, phone numbers, home addresses, home coordinates and social profile links of the fast-food chain’s users.
Based on the report, Srinivas Kodali, a Hyderabad-based user of the app has logged a compliant under section 43A of the IT Act, which provides for compensation against failure to protect data. A copy of the complaint is available with The Hindu .
“I would like to bring to your notice that McDonald’s India which owns mcdelivery.co.in has been negligent in protecting its customers information under the rules defined in the Information Technology Act of 2008. As a customer I have submitted my details to McDonald’s India in the past and I am affected today because of a data breach of their servers, due to their sheer negligence. I am requesting you to register my complaint under section 43A of the Information Technology Act for the same against McDonalds India and McDonalds Corporation for not safeguarding my information online,” Mr. Kodali said in his complaint made to CyberCrime.
McDonald’s is divided geographically in India with two separate franchises and according to sources, the vulnerabilities pertained to the West and South region.
McDonald’s response
A McDonald’s India (West & South) spokesperson said, “Our website and app do not store any sensitive financial data of users like credit card details, wallet passwords or bank account information. As a precautionary measure, we would... urge our users to update the McDelivery app on their devices.”