5 Takeaways from McDonald’s purported data leakage

-

              Fast food aficionados all over India tend to splurge on McDonalds menu either through in-store mode or home-delivery mode.

              The preferred mode for home-delivery is the McDelivery APP.

              McDonalds operates in India through two separate entities i.e one for North &  East India and another for West &  South India. 

              The welcome screen on http://www.mcdonaldsindia.com/ requests the user to choose his/
her area. Clicking on either link will take the user to independent web-screens.

              The North & East footprint is with ‘Connaught Plaza Restaurants Private Limited’, led by Mr. Vikram Bakshi, JV Partner and Managing Director, North & East India

The South & West India footprint is with ‘Hardcastle Restaurants Private Limited,’ led by Ms. Smita Jatia, Managing Director, South & West India

              Hence, there are separate McDelivery Apps for North &  East India and West &  South India.

              According to a blog post published by Cybersecurity firm Fallible , "an unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users personal information."

              The data leakage was through McDonald's India app McDelivery for West & South India. The data leaked personal information of its customers for an unspecified duration of time. This included "name, email address, phone number, home address, accurate home co-ordinates, and social profile links" for "more than 2.2 million" of its users.

              As customers in North and East of India use another app and website,  their data doesn't seem to be impacted by this leak.

              As of now, McDonald has not issued any Press Statement on its website i.e @ http://www.mcdonaldsindia.com/media_center.html

              However, an official spokesperson for McDonald's India (West & South), the company that owns and operates the McDelivery app, sent the following statement to Gadgets 360:

              “We would like to inform our users that our website and app does not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information. The website and app has always been safe to use, and we update security measure on regular basis. As a precautionary measure, we would also urge our users to update the McDelivery app on their devices”.

        
      Takeaway 01) Login through a new-sign up only, do not log-in through social medial user accounts i.e Facebook or Google Plus

              Takeaway 02) Opt to sign-out if your interaction with the APP is less than 3 times a month. Instead create a fresh User ID, if you intend to interact with the APP, less than 3 times a month.

Takeaway 03) Use the ‘Contact Us’, option to let the APP Administrator to disable your account, if you do not use for 3 months. If you have not used the APP for 3 months, it means your need to have an account with the APP is minimal.

              Takeaway 04) Consider opting for deliveries through Aggregator APPs rather than Individual restaurant APPs. Of course, it is assumed that Aggregator APPs are more secure as compared to Individual restaurant APPs

Takeaway 05) Take calculated risks; Nothing is safe in this world

                            Recently McDonalds has embarked on a major branding exercise with its ‘Experience of the Future’ restaurant’s (EOTF) being launched in India. The first EOTF will be in Mumbai.

              McDonalds is looking for - AGM Information Technology (Consumer Facing Technology).

              One of the major KRAs is – “Drive online delivery and restaurant process improvement, integration with ecosystem partners (food aggregators, delivery, payment providers)”

              By the way I always enjoy McDonald’s menu at the store only, so have not downloaded the McDelivery App!!


Comments

Post a Comment

Popular posts from this blog

CERTIFICATE EXAMINATION IN INTERNATIONAL TRADE FINANCE

-
Image
          This certification is essential for all members of a Bank Trade Finance Department.   The syllabus covers key aspects required by team members to effectively discharge their duties. Trade Finance is one of the traditional forms of bank finance in India. In view of reforms and liberalisation, this has gained a new significance.   Many of the practices in trade finance have evolved over a period of time and some are guided by Ministry of Commerce and Reserve Bank of India, besides WTO and International Chamber of Commerce through UCPDC 600. With the increase in the volume of trade both domestically and internationally, there is a need for trade finance professionals from banks as well as corporates. The Objectives of this IIBF Examination is as under:   (i) To provide candidates with competencies required to function as trade finance practitioners. (ii) To enable candidates to possess the needed skill and knowledge to understand clients' needs
Read more

IIBF-Certificate Examination in Foreign Exchange Facilities for Individuals

-
          The primary objective this IIBF course is to make the branch officials familiar with the FEMA provisions that impact their day to day functioning at the branch level.     This exam is being introduced pursuant to the recommendation of a committee of RBI.           Normally foreign exchange transactions pertaining to individuals are handled at branches only and are not referred to specialised forex cells.           The course covers ‘Foreign Exchange Facilities for individuals under FEMA1999’ RBIs FAQs’ on Forex Facilities for Residents (Individuals) (updated up to November 21, 2014) For full details refer to Reserve Bank of India website: Introduction : The legal framework for administration of foreign exchange transactions in India is provided by the Foreign Exchange Management Act, 1999. Under the Foreign Exchange Management Act, 1999 (FEMA), which came into force with effect from June 1, 2000, all transactions involving forei
Read more

IIBF introduces Self-Paced E-learning courses (SPeL) for its two certificates

-
Image
          Indian Institute of Banking Finance (IIBF) has taken a quantum leap in disseminating knowledge to its members and non-members.           IIBF in April 2019, introduced the Self-Paced E-learning courses (SPeL) concept for banking enthusiasts to be familiar with banking concepts.           In the first stage, IIBF has launched   two certificate courses i.e 1. Digital Banking and 2. Ethics in Banking.           The objective of this self-paced e-learning mode are as follows: • Participants can make the best use of his or her time, in order to meet his or her learning objectives. • Participants can access the course   anywhere/anytime with an internet connection. • Participants need not travel to give their examinations. It saves time and money of the participants. • Opportunity to individuals to obtain new certifications; improve their knowledge in the subject. • With self-paced learning, subjects can be thought in different learning styles. Part
Read more