France – Burger King


Exploit: Unprotected Elasticsearch cluster.
Burger King: Global fast food chain.

Risk to Small Business: 1.888 = Severe: A database for Burger King’s France-based online store for kids was left unprotected, allowing anyone to access sensitive personal information from thousands of shoppers. Those with access to the database were able to edit, download, or delete any of the database details, which were stored in plain text. Although the company immediately disabled controls, it’s entirely possible that data was compromised during the breach window.

Individual Risk: 2.285 = Severe The data in question included personally identifiable information including names, emails, passwords, phone numbers, dates of birth, and voucher codes. Since the Kool King Shop caters to kids who bought Burger King menus, it’s probable that at least some of the exposed information belongs to minors, something that is especially noteworthy in any data breach. Although there is no indication that data was stolen, customers who participated in this program should assume that their data may have been accessed, and they should enrol in identity monitoring services.

Customers Impacted: 37,900
How it Could Affect Your Customers’ Business: Security researchers did not find any ransom notes in the database, something that is more attributable to luck than cybersecurity prowess. As companies around the world grapple with the aftermath of a ransomware attack, security providers at every level must understand the importance of addressing cybersecurity vulnerabilities and updating infrastructure accordingly. In many cases, partnering with a third-party can help companies identify their greatest risks before hackers can exploit them.

ClearYolk to the Rescue: Designed to protect against human error, our phishing service simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defence against cybercrime.

More to explore


Service Starter Mid Expert Enterprise
Monitoring Yes Yes Yes Yes
Live Notifications & Reporting Yes Yes Yes Yes
Onboarding Session with our Success Team Yes Yes Yes Yes
Monitor all users (up to XX) 150+
Monitored Domain Yes Yes Yes Yes
Additional Domains No 1 3 5
Personal Email Addresses (Gmail / Icloud etc) No 10 30
Monitored Router IP & Device IP Breach No Yes Yes Yes
Dedicated Account Manager No No Yes Yes
Fully managed Service No No No Yes
Go Phishing No No No Yes
Staff Training No No No Yes
PCM (If paid monthly) £45 £75 £150 N/A
PCM (If paid annually 20% discount) £36 £60 £120 N/A
Annual 20% discount for annual transaction £432 £720 £1440 Call
Annual Saving £180 £180 £360 Call
1 Additional Domain £25 £25 £25
Add Additional 10 Personal Emails £25 £25 £25