McDonald's Corp said on Monday hackers gained access to a database containing information such as the email addresses and birth dates of people who voluntarily signed up for its websites and promotions.
The world's biggest hamburger chain said the security breach did not include any Social Security numbers, credit card accounts or sensitive financial information.
The hacked data was on computer systems operated by an email database management firm hired by McDonald's long-time business partner Arc Worldwide, the marketing services arm of advertising firm Leo Burnett, McDonald's spokeswoman Danya Proud said in a statement.
The incident has resulted in an investigation by law enforcement authorities. Arc and McDonald's are cooperating with the appropriate authorities, Proud said.
We are also working with Arc and their database management firm to understand how the security was bypassed, she said.
McDonald's declined to give the name of the email database management firm or the number of customers affected by the breach.
On Friday, drugstore chain Walgreen Co disclosed a database with its customers' email addresses was breached.
McDonald's shares closed down 45 cents, or 0.6 percent, at $77.11 on the New York Stock Exchange.
(Reporting by Lisa Baertlein; editing by Andre Grenon)