McD Outlets Unsafe, Allianz Data Breached, Polish Plant Attacked
It’s already week 3 of August, and as promised, we are back with the third edition of the month, where we will talk about global cyber happenings. This time, our focus will be on the extremely popular fast food outlet of McDonald’s. Next, we will explore the recent cyber breach that affected Allianz Insurance. Lastly, we will look into the unfortunate situation in Poland where the Russian hacktivists have managed to attack their systems once again.
Let’s not waste any more time and jump straight to the details! Here you go!
McD outlets are no longer safe from threat attacks!
McD is making headlines, and no, not for its scrumptious burgers. Recently, an ethical hacker, while trying to sneak out some free Chicken McNuggets, discovered multiple flaws and vulnerabilities in McD’s partner as well as employee portals. The fast food giant is no longer safe from sophisticated threat attacks.
This ethical hacker, also popular as “BobdaHacker,” accidentally detected a server-side flaw in the Feel Good Design Hub of McD. He was trying to make the most out of the company’s reward systems to get some reward points, which he was planning to use to grab free Chicken McNuggets. Once he detected this loophole, he kept digging in and went down the rabbit hole, only to realize that there are numerous threat issues prevalent across the partner portals. McDonald’s outlets are spread across 120 countries, which further adds to the gravity of this discovery.
BobdaHacker published a blog post where he disclosed that because of this security issue, sensitive data like API keys is exposed to threat attacks. By abusing this data, cybercrooks can easily get unauthorized access to specific employee privileges, which they can misuse to access corporate data, make changes in the franchise owner’s brand website, and so on.
The lack of a security contact on McD’s website is further making it difficult for ethical hackers to address the grave security issue and report the same to the fast food brand.
Allianz Insurance’s data breach compromised the data of 1.1 million customers!
The Allianz Insurance data breach incident took place in July 2025. Because of this cyberattack, threat actors managed to access the personal data of a massive 1.1 million customers. This insurance company has over 1.4 million customers. The parent company, Allianz Life, is based in the USA and has over 125 million customers. Have I Been Pwned, an online website that enables people to verify whether or not their email address has been compromised in a threat attack, has claimed that as many as 1 million users have been affected by this cyber breach.
They have further shed light on the type of data that has been compromised. They believe that threat actors have managed to access sensitive data such as dates of birth, email addresses, phone numbers, physical addresses, customer names, and so on.
The data breach occurred on July 16th when a cybercriminal breached a third-party, cloud-based CRM system used by Allianz Insurance.
Cybersecurity defenses like DMARC, DKIM, and SPF play a crucial role in protecting organizations from state-sponsored threat actors targeting email systems and sensitive data.
Polish power plant attacked by state-sponsored threat actors with alleged connections to Russia!
Russian hacktivists once again targeted the same Polish power plant and managed to interrupt the turbines and the control setups of the plant. They tweaked the operating parameters, and as a result of this, the rotating components of the turbine- the rotator and the generator came to a halt.
The attack also severely affected output power and turbine speed, leading to complete disruption of the power plant. It was not a simulated attack but a real malfunction. The sharp fluctuations affected the water levels and the speed of the turbine. As a result, electricity production completely stopped for a prolonged period.
The same power plant was attacked by threat actors back in May 2025. Back then, the threat actors could not gain complete control over the power plant.
This time, the hackers have released a video claiming responsibility for the threat attack. Cybersecurity experts and Polish analysts believe that this attack is more destructive than the previous one.
Cyberattacks on Polish infrastructure have increased over the last couple of months. Be it the Sierakowo water treatment plant, the Szczytno water treatment plant, the Kuznica sewage treatment plant, or the Witkowo sewage treatment plant, cybercrooks have been targeting crucial infrastructural systems to create a sense of chaos and fear among the Polish people. Such attacks are designed to add fuel to the already existing geopolitical fire.
The minister of digital affairs had earlier mentioned the importance of industrial control systems. CERT Polska had published cybersecurity recommendations back in May 2024, where they came up with suggestions for enhancing OT security to help organizations anticipate and mitigate potential cyberthreats.
