
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
A critical security vulnerability in McDonald's AI-powered hiring platform, McHire, allowed unauthorized access to the personal data of over 64 million job applicants. The flaw, discovered by security researchers, stemmed from weak backend credentials, exposing sensitive information collected by the AI chatbot Olivia. [AI generated]
Why's our monitor labelling this an incident or hazard?
The AI system (AI-powered recruiting chatbot) was used in the hiring process and collected sensitive personal data. The security flaw (weak password) allowed unauthorized access to this data, directly leading to a breach of privacy and potential harm to millions of individuals. The harm includes violations of personal data protection rights and risks of identity theft and fraud, which fall under violations of human rights and harm to individuals. The AI system's involvement in data collection and storage is central to the incident. Hence, this qualifies as an AI Incident rather than a hazard or complementary information. [AI generated]