Hamburglar? N.S. woman baffled after someone in Montreal uses her My McD's app
‘This is an app that's supposed to be secure,’ says Lauren Taylor
Lauren Taylor says she has no idea how someone in Montreal spent $483.65 using her McDonald's app.
The Halifax woman said she received dozens of order confirmations in her email inbox with the last four digits of her Visa debit card between Jan. 25-29.
"It's amazing to see how quick someone can just breach your privacy … rent is three days away and now I have to find the money," Taylor said. "It's a good thing that I live with family. Otherwise I'd be out."
The charges to Taylor's account went unnoticed for days because she hadn't checked her emails. When she checked her bank account, there was $1.99 left.
Some of the items purchased included large fries, Big Macs, poutine, junior chicken meals, Filet-O-Fish sandwiches, McDouble burgers, bacon and hashbrown McWraps, Egg McMuffins and hot cakes.
McDonald's Canada said there was no security breach on the My McD's app.
"We take appropriate measures to keep personal information secure, including on our app," Ryma Boussoufa, a company spokesperson, wrote in an email.
"Just like any other online activity, we recommend that our guests use our app diligently by not sharing their passwords with others, creating unique passwords and changing passwords frequently."
Taylor said she doesn't know anybody in Quebec. She said she has never been to Quebec.
She said she has different passwords for all her online accounts and changes them frequently. She said she never shares her passwords and her passwords are strong.
With the McDonald's app, passwords must be eight to 12 characters long, include upper and lowercase characters and at least one number.
"This is an app that's supposed to be secure," she said. "So why do I live in Nova Scotia and why is my card being used in Quebec? That's crazy."
Not an isolated incident
Taylor isn't the only person in Halifax whose app was used to make purchases in Quebec.
Brett O'Donnell had the same thing happen to him on Jan. 17, but he caught it within a half hour.
"I was at work and just checking my email and see an email from McDonald's around 1:30 p.m. I was first hesitant, thinking maybe this is, you know spam possibly trying to get my information somehow," O'Donnell said.
"But no, it matched exactly the previous emails I had received from [McDonald's] and it also had a lot of personal information in it."
In O'Donnell's case, someone used his app to buy $50 worth of food at a McDonald's location in Mirabel, Que. There were two orders; one for 30 chicken nuggets and another for a Double Big Mac meal.
He called McDonald's immediately and was able to get the money refunded into his account, but he said the experience was stressful.
The good news, Taylor said, is the bank will refund her account.
"[The bank] told me that I had to call McDonald's back for them to confirm that it was actually fraud on my account," Taylor said.
"And then I called RBC back and they called McDonald's back with my case number, confirmed that it was fraud [and] agreed to give the money back within three to 10 business days."
Taylor said she filed a police report, too.
Halifax Regional Police confirmed it received a report of a fraud that had been occurring through a McDonald's app on Jan 29 and that it was investigating the incident.
Each order confirmation from McDonald's is time-stamped with the different locations where the food was picked up, so Taylor is hoping that will be helpful in the investigation.
McDonald's orders were placed at five different locations in the Montreal area.
As for McDonald's, Taylor said the company could be doing more to make sure every purchase from its app is extra secure.
Among her suggestions are texts to mobile phones to confirm orders, requesting CVV codes or requiring a code to finalize an order.