The world’s biggest burger chain said cyber attackers had accessed a “small number” of files on South Korea and Taiwan customers.
The breach included e-mail, delivery addresses and phone numbers – but not payment details.
A spokeswoman for the firm said it would take steps to “notify regulators and customers listed in these files”.
The details of the breach, first reported by the Wall Street Journal, were discovered during an external investigation after unauthorized activity was spotted on the company’s network.
The company said its “substantial investment” in cyber security meant it was identified quickly.
“These tools allowed us to quickly identify and contain recent unauthorized activity on our network. A thorough investigation was conducted, and we worked with experienced third parties to support this investigation,” it said.
Operations at its restaurants were not affected by the hack.
However, the fast-food firm did say that personal data on employees was also accessed – although it did not say in which countries.
“In the coming days, a few additional markets will take steps to address files that contain employee personal data.
“Moving forward, McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures.”
It’s the latest big firm to be targeted by cyber attackers in recent weeks. On Thursday, game publisher Electronic Arts (EA) said that hackers had stolen valuable information, including source code for games such as FIFA 21.
The chief executive of Colonial Pipeline also told senators this week that the decision to pay a $4.4m (£3.1m) ransom to hackers in Bitcoin in May was the “hardest decision” of his career. The majority of that money has since been recovered by the US Department of Justice.