McD Outlets Unsafe, Allianz Data Breached, Polish Plant Attacked

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

McD Outlets Unsafe, Allianz Data Breached, Polish Plant Attacked

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-30896">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/08/McD-Outlets-Unsafe-Allianz-Data-Breached-Polish-Plant-Attacked.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M13S">2:13</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-30896" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-30896" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-30896" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-30896" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/mcd-outlets-unsafe-allianz-data-breached-polish-plant-attacked/&t=McD Outlets Unsafe, Allianz Data Breached, Polish Plant Attacked" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/mcd-outlets-unsafe-allianz-data-breached-polish-plant-attacked/&url=McD Outlets Unsafe, Allianz Data Breached, Polish Plant Attacked" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/08/McD-Outlets-Unsafe-Allianz-Data-Breached-Polish-Plant-Attacked.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/mcd-outlets-unsafe-allianz-data-breached-polish-plant-attacked/" class="input-link input-link-30896" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-30896" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-30896” readonly/>

					<button class="copy-embed copy-embed-30896" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

It’s already week 3 of August, and as promised, we are back with the third edition of the month, where we will talk about global cyber happenings. This time, our focus will be on the extremely popular fast food outlet of McDonald’s. Next, we will explore the recent cyber breach that affected Allianz Insurance. Lastly, we will look into the unfortunate situation in Poland where the Russian hacktivists have managed to attack their systems once again.

Let’s not waste any more time and jump straight to the details! Here you go!

McD outlets are no longer safe from threat attacks!

McD is making headlines, and no, not for its scrumptious burgers. Recently, an ethical hacker, while trying to sneak out some free Chicken McNuggets, discovered multiple flaws and vulnerabilities in McD’s partner as well as employee portals. The fast food giant is no longer safe from sophisticated threat attacks.

This ethical hacker, also popular as “BobdaHacker,” accidentally detected a server-side flaw in the Feel Good Design Hub of McD. He was trying to make the most out of the company’s reward systems to get some reward points, which he was planning to use to grab free Chicken McNuggets. Once he detected this loophole, he kept digging in and went down the rabbit hole, only to realize that there are numerous threat issues prevalent across the partner portals. McDonald’s outlets are spread across 120 countries, which further adds to the gravity of this discovery.

BobdaHacker published a blog post where he disclosed that because of this security issue, sensitive data like API keys is exposed to threat attacks. By abusing this data, cybercrooks can easily get unauthorized access to specific employee privileges, which they can misuse to access corporate data, make changes in the franchise owner’s brand website, and so on.

The lack of a security contact on McD’s website is further making it difficult for ethical hackers to address the grave security issue and report the same to the fast food brand.

Allianz Insurance’s data breach compromised the data of 1.1 million customers!

The Allianz Insurance data breach incident took place in July 2025. Because of this cyberattack, threat actors managed to access the personal data of a massive 1.1 million customers. This insurance company has over **1.4 million customers. The parent company, Allianz Life, is based in the USA and has over **125 million customers. Have I Been Pwned, an online website that enables people to verify whether or not their email address has been compromised in a threat attack, has claimed that as many as 1 million users have been affected by this cyber breach. They have further shed light on the type of data that has been compromised. They believe that threat actors have managed to access sensitive data such as dates of birth, email addresses, phone numbers, physical addresses, customer names, and so on.

The data breach occurred on July 16th when a cybercriminal breached a third-party, cloud-based CRM system used by Allianz Insurance.

Cybersecurity defenses like DMARC, DKIM, and SPF play a crucial role in **protecting organizations from state-sponsored threat actors targeting email systems and sensitive data.

Polish power plant attacked by state-sponsored threat actors with alleged connections to Russia!

Russian hacktivists once again targeted the same Polish power plant and managed to interrupt the turbines and the control setups of the plant. They tweaked the operating parameters, and as a result of this, the rotating components of the **turbine- the rotator and the generator came to a halt.

The attack also severely affected output power and turbine speed , leading to complete disruption of the power plant. It was not a simulated attack but a real malfunction. The sharp fluctuations affected the water levels and the speed of the turbine. As a result, electricity production completely stopped for a prolonged period. The same power plant was attacked by threat actors back in May 2025. Back then, the threat actors could not gain complete control over the power plant.

This time, the hackers have released a video claiming responsibility for the threat attack. Cybersecurity experts and Polish analysts believe that this attack is more destructive than the previous one.

Cyberattacks on Polish infrastructure have increased over the last couple of months. Be it the Sierakowo water treatment plant, the Szczytno water treatment plant, the Kuznica sewage treatment plant, or the Witkowo sewage treatment plant, cybercrooks have been targeting crucial **infrastructural systems to create a sense of chaos and fear among the Polish people. Such attacks are designed to add fuel to the already existing geopolitical fire.

The minister of digital affairs had earlier mentioned the importance of industrial control systems . **CERT Polska had published cybersecurity recommendations back in May 2024, where they came up with suggestions for enhancing OT security to help organizations anticipate and mitigate potential cyberthreats.