Personal data from more than 64 million McDonald’s job applicants was exposed after a basic coding flaw in an AI-powered hiring bot allowed unauthorized access to application records. The breach, which occurred in summer 2025, stemmed from an insecure direct object reference, or IDOR, a well-known vulnerability that lets anyone reach protected files by simply changing a number in a web address. Researchers at Claremont Graduate University traced the failure and published a detailed case study calling it “entirely preventable with basic access controls.”
How a simple coding flaw opened 64 million applicant files
The scale of the exposure is staggering. An IDOR vulnerability in the AI bot that processed McDonald’s job applications meant that no authentication check stood between an outside user and individual applicant records. By altering sequential identifiers in the system’s URLs, anyone with minimal technical knowledge could have browsed through files belonging to other applicants. The Inland Cyber Defense Clinic at Claremont Graduate University documented the flaw and confirmed that 64 million application records were left accessible.
IDOR vulnerabilities are not exotic. They rank among the most common web application weaknesses cataloged by security organizations, and they are straightforward to prevent. Standard access-control checks, where a server verifies that the person requesting a record is authorized to see it, would have blocked the exposure entirely. The fact that the AI hiring bot shipped without this safeguard raises pointed questions about how thoroughly automated recruitment tools are tested before they handle sensitive personal information at scale.
The breach sits at the intersection of two accelerating trends: the rapid adoption of AI-driven hiring systems and the persistent failure of organizations to apply basic security hygiene to those systems. Companies across the fast-food, retail, and logistics sectors have moved millions of applications through automated screening tools over the past several years. When those tools skip foundational security steps, the volume of data at risk multiplies fast. A single IDOR flaw in a traditional, low-volume portal might expose hundreds of records. The same flaw in an AI bot processing applications for one of the world’s largest employers exposed tens of millions.
What the Claremont Graduate University case study found
The technical breakdown published by Claremont Graduate University‘s cybersecurity research arm lays out the anatomy of the breach in plain terms. The AI hiring bot assigned each application a predictable numeric identifier. Because the system did not verify whether a requesting user had permission to view a given identifier, an attacker or even a curious applicant could increment the number and pull up someone else’s submission. The clinic described this as a textbook IDOR scenario, one that introductory web-security courses teach students to detect and fix.
The case study does not name the specific vendor that built or operated the AI bot, and McDonald’s has not released a public incident report detailing which data fields were exposed. That gap matters. Job applications typically contain full legal names, phone numbers, email addresses, dates of birth, employment histories, and sometimes Social Security numbers or other government-issued identifiers. Without a formal breach notification from McDonald’s or a regulatory filing, applicants have no clear picture of what information may have been accessed or by whom.
Separate reporting on the growing use of automated interviews shows that AI-driven hiring tools now handle millions of candidate interactions across industries. That context sharpens the risk: the McDonald’s incident is not an isolated failure but a warning about a class of systems that many large employers now depend on. When AI bots collect and store applicant data at this volume, a single access-control mistake can produce a breach that dwarfs traditional hiring-portal exposures.
Unanswered questions and what applicants should do next
Several critical details remain unresolved. No public regulatory filing confirms the exact data fields that were accessible through the IDOR flaw. McDonald’s has not issued a formal statement acknowledging the breach or describing remediation steps. The identity of the AI bot vendor is absent from the Claremont case study, leaving open the question of whether the same software powers hiring pipelines at other major employers.
The 64 million figure itself, while documented by the Claremont researchers, has not been independently corroborated by McDonald’s internal security teams or by a government data-protection authority. Without that confirmation, the precise scope of real-world harm to applicants is difficult to measure. It is possible that some records were accessed only by the researchers who discovered the flaw, but it is equally possible that others found and exploited the vulnerability before it was reported.
For the tens of millions of people who have applied for McDonald’s positions in recent years, the practical risk is real regardless of the final confirmed count. Applicants who submitted personal information through the company’s online hiring system should monitor their credit reports, watch for phishing emails that reference job applications, and consider placing fraud alerts with the major credit bureaus. Anyone who included a Social Security number or government ID in their application should treat the situation with particular urgency.
The broader question now is whether companies using AI hiring bots will face regulatory pressure to conduct independent security audits before deploying those tools at scale. The Claremont case study makes a blunt point: basic authorization checks, secure session handling, and routine penetration testing would almost certainly have identified the IDOR flaw before it exposed tens of millions of records. Regulators may decide that voluntary best practices are no longer enough when automated systems are entrusted with such large volumes of sensitive data.
Some privacy advocates argue that mandatory third-party assessments should become a condition of using AI tools for high-risk processing, including large-scale hiring. Under that model, vendors and employers would need to demonstrate that their systems implement least-privilege access, encrypt sensitive fields in transit and at rest, and log all access to applicant records for forensic review. Others warn that overly prescriptive rules could slow innovation without guaranteeing better outcomes, especially if audits devolve into box-checking exercises.
Regardless of how regulation evolves, the McDonald’s incident underscores a simpler lesson for organizations rushing to adopt AI in human resources: automation does not reduce responsibility. If anything, it raises the stakes. When a single bot can accept, score, and store applications from millions of people, any security oversight is amplified. Companies cannot outsource liability to a vendor or to the buzzword of the moment. They remain accountable for ensuring that every system touching personal data meets baseline security standards.
For applicants, the episode is a reminder to treat online job forms with the same caution they would bring to banking or medical portals. Providing only the minimum required information, using unique email addresses and passwords for job sites, and being skeptical of follow-up messages that ask for additional sensitive details can all reduce exposure. None of these steps can retroactively close the IDOR hole that affected McDonald’s applicants, but they can limit the damage when, inevitably, another hiring platform turns out to have similar flaws.
The McDonald’s breach is likely to become a case study in both cybersecurity and employment law courses: a clear example of how a mundane coding mistake can cascade into a systemic failure when paired with large-scale automation. Whether it also becomes a turning point for how companies secure AI hiring tools will depend on what happens next-inside corporate security teams, at regulatory agencies, and among the vendors racing to sell the next generation of recruitment bots. For now, the exposed applications stand as a stark warning that in the rush to modernize hiring, some of the most basic safeguards were left behind.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.