Fastfood major McDonald’s on Saturday said its website and mobile app do not store financial data of customers, after an independent blog claimed that the company was leaking personal data of over 2.2 million users in India. “We would like to inform our users that our website and app do not store any sensitive financial data of the users like credit card details, wallets passwords or bank account information,” an official spokesperson of McDonald’s India (West & South) said in a statement.
The quick service restaurant’s statement came after a post on independent blogpost hackernoon claimed that McDonald’s India’s mobile app is leaking data of 2.2 million users.
“The McDonald’s India app, McDelivery, is leaking personal data of more than 2.2 million of its users which includes name, email address, phone number, home address, accurate home co-ordinates and social profile links,” the blogpost had claimed yesterday.
In the statement, McDonald’s did not talk specifically about personal data of the customers while asserting that no financial data were stored.
It, however, said the company is committed to “users’ data privacy and protection”.
Hardcastle Restaurants, the franchisee of McDonald’s for West and South India operations, said the company updates the security measures of the website and app on a regular basis and urged the users to update the app on their devices as a precautionary measure.
“The website and app has always been safe to use, and we update security measure on regular basis,” the statement said. However, it also suggested its users to update McDelivery app on their devices.
“As a precautionary measure, we would also urge our users to update the McDelivery app on their devices,” it added.