Data leak
McDonald's Paradox AI Chatbot Breach (64M Job Applicants)
Primary Source βIncident Details
In July 2025, McDonald’s disclosed a breach affecting approximately 64 million job applicants whose data was stored on systems operated by Paradox, Inc., McDonald’s third-party AI-powered hiring chatbot provider. The exposed data included names, email addresses, phone numbers, IP addresses, and chat logs from job application conversations. Paradox’s automated chatbot system is used extensively by McDonald’s to handle the initial stages of its high-volume recruitment process. This is one of the largest job applicant data breaches on record by impacted count.
Technical Details
- Initial Attack Vector
- Third-party AI chatbot provider Paradox, Inc. used by McDonald's for automated job application processing was compromised, exposing applicant data collected through the hiring platform
- Vendor / Product
- Paradox, Inc. AI chatbot / hiring platform
Timeline
- 2025-07-01 Breach occurred
- 2025-07-15 Publicly disclosed
- 2025-07-15 Customers notified