Kool King, an online shop owned by Burger King, had thousands of customer records exposed through an unsecured database, which was discovered last week.
The website allows customers who purchase from the children’s menu in Burger King, France to access content, including games, films and activities, after creating a profile on the platform.
The breached database, which potentially contained the data of children who signed up for the service, was discovered by Bob Diachenko of Security Discovery.
It contained 37,900 personal records including names, phone numbers, dates of birth, email addresses, passwords (used to access the online portal) and links to externally sourced certificates.
In addition, Diachenko was able to access the administrative details of 25 contacts, which included names, emails and encrypted passwords. The database also exposed e-commerce CRM backend logs, with debug information.
Diachenko reported the matter to the database administrators. In response, Burger King promptly secured the database and issued a statement.
“All the necessary actions legally required have been taken internally and with our service provider immediately after this incident came to our knowledge to ensure the effective resolution of the problem as well as the safety of our clients’ data. We are also liaising with the relevant national authority having jurisdiction in this respect.”
Are you prepared for a data breach?
Ponemon Institute’s 2018 Cost of a Data Breach Study found that one in four organisations will suffer a data breach within the next two years.
As cyber attacks become easier to carry out, and the potential damage they cause becomes greater, organisations must improve their cyber defences by taking an integrated and intelligence-led approach to cyber security that considers people, processes and technology.