Kool King, a French online shop aimed at kids who bought Burger King menus, exposed nearly 37,900 records after a cyber attack.
The data was leaked because the database storing it was misconfigured, allowing anyone with an Internet connection who knew how to find it to reach the records stored within.
Since the database was not secured in any way and was publicly accessible, anyone who reached it could edit, download, or even destroy the data without needing admin credentials.
The compromised information contained personally identifiable information (PII) such as emails, passwords, names, phone numbers, dates of birth (DOB), voucher codes, links to the externally stored certificates, etc.
TPRM report: https://scoringcyber.rankiteo.com/company/burger-king
"id": "bur22620323",
"linkid": "burger-king",
"type": "Data Leak",
"date": "05/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 37900,
                        'industry': 'Retail',
                        'location': 'France',
                        'name': 'Kool King',
                        'type': 'Online Shop'}],
 'attack_vector': 'Misconfigured Database',
 'data_breach': {'number_of_records_exposed': 37900,
                 'personally_identifiable_information': ['emails',
                                                         'passwords',
                                                         'names',
                                                         'phones',
                                                         'DOB'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['emails',
                                              'passwords',
                                              'names',
                                              'phones',
                                              'DOB',
                                              'voucher codes',
                                              'links to the externally stored '
                                              'certificates']},
 'description': 'A French online shop Kool King specifically tailored to be '
                'used by kids who bought Burger King menus exposed nearly '
                '37,900 records after a cyber attack. The data was leaked '
                'because the database storing it was misconfigured, allowing '
                'anyone with an Internet connection and the knowledge to find '
                'it to get to the records stored within. Since the database '
                'was not secured in any way and publicly accessible, anyone '
                'who reached it could then edit, download, or even destroy the '
                'data without needing admin credentials. The information '
                'compromised contained personally identifiable information '
                '(PII) such as emails, passwords, names, phones, DOB, voucher '
                'codes, links to the externally stored certificates, etc.',
 'impact': {'data_compromised': ['emails',
                                 'passwords',
                                 'names',
                                 'phones',
                                 'DOB',
                                 'voucher codes',
                                 'links to the externally stored certificates'],
            'systems_affected': 'Database'},
 'post_incident_analysis': {'root_causes': 'Misconfigured Database'},
 'title': 'Kool King Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Publicly Accessible Database'}