PORTLAND, Ore. — McDonald's Corp. says some of its customers' private information was exposed during a data breach.
The company said Monday that a third party was able to get past security measures and see into a database of its customer information that included e-mail, phone numbers, addresses, birthdates and other specifics that they provided when signing up for online promotions or other subscriptions to its websites.
The compromised database did not include any financial information or Social Security numbers.
McDonald's, which is based in Oak Brook, Ill., did not detail the timing or scope of the breach but said it is working with law enforcement.
The fast-food chain said its business partner, Arc Worldwide, retained an e-mail database management firm whose computer systems were improperly accessed. McDonald's said it is working with the two firms to understand how security was bypassed.
Arc did not immediately respond to a call for comment.
McDonald's said it has attempted to notify all its subscribers of the incident. The company is asking any consumers who are contacted by someone claiming to be from McDonald's and seeking personal or financial information not to respond but instead to contact the company immediately so it can alert authorities.
Shares of McDonald's fell 9 cents to $77.47 in afternoon trading.