[Security News] Data Exposure From Major Organizations | McDonald's, Microsoft SQL, Louis Vuitton

McDonald's AI exposing data

15th July 2025

Major organizations – McDonald’s, Microsoft SQL Server, and Louis Vuitton – experienced data breaches due to weak passwords and zero-day vulnerabilities, resulting in sensitive data exposure.

McDonald’s Job Chatbot Password Exposed, Leaking 64 Million Applications

McDonald’s uses McHire, an AI chatbot named Olivia, to screen its job applications, asking for private information such as contact information, resumes, and personality test scores. Last week, McDonald’s suffered from security flaws, as Olivia’s admin panel used weak credentials: a login name of “123456” and a password of “123456”. As a result, hackers were able to access the sensitive personal data of applicants, along with records of the chats Olivia had with them. McDonald’s acknowledged the data exposure problem within an hour, and the credentials were disabled.

Source: WIRED, CSO, Bleeping Computer

 

Critical 0-Day Vulnerability in Microsoft SQL Server Exposes Sensitive Data

A publicly disclosed zero-day vulnerability, CVE-2025-49719, in Microsoft SQL Server allowed unauthorized attackers to read uninitialized memory, and potentially extract sensitive data, over the network without requiring authentication. Microsoft released security updates on July 8, 2025, via Patch Tuesday to remediate the issue. The vulnerability is rated Important with a CVSS 3.1 base score of 7.5, and while Microsoft assesses exploitability as “Less Likely,” the lack of authentication and network exposure raise significant concern.

Source: Cyber Security News, The Hacker News, Bleeping Computer

 

Louis Vuitton UK Noticed Data Breach

Louis Vuitton, a luxury brand, has become the latest UK retailer to suffer a security breach, following Christian Dior Couture, Tiffany, and Cartier. An unauthorized third party accessed its UK operation’s systems and obtained personal information such as names, contact details, and other data shared by customers. According to Louis Vuitton, passwords, payment card information, and other financial details were not obtained by the hackers. Louis Vuitton had already suffered breaches affecting customers in South Korea and Turkey this year. Other countries may be impacted as well.

Source: Security Week, The Guardian, Infosecurity Magazine

 

 


 

 
