This case was last updated from PACER on 10/06/2021 at 05:52:25 (UTC).

Kim et al v. McDonald's USA, LLC et al

Case Summary

On October 5, 2021, Jeong-Su Kim, Hue-Soung Jun, and Jong Min Lee (“Plaintiffs”), individually and on behalf of all others similarly situated, represented by Shannon Marie McNulty of Clifford Law Offices, filed a contract lawsuit against McDonald’s USA, LLC and McDonald’s Corporation (collectively, “McDonald’s” or “Defendants”), seeking equitable relief and statutory damages, for the alleged injuries sustained as a result of Defendants’ breach of security concerning the personal information of Plaintiffs and the Class. This case was filed in the U.S. District Court in the Northern District of Illinois with Judge John Robert Blakey presiding. 


In the complaint, Plaintiffs alleged that, “This class action arises out of the April 15, 2021, data hack and data breach (“Data Breach”) of McDonald’s that the company announced in June of 2021, whereby delivery customers’ (“Customers”) addresses, phone numbers, and e-mail addresses (“Personal Information”) were stolen by attackers. Plaintiffs provided this data to Defendants with the expectation that Defendants would manage, maintain, and secure this data in full compliance with all applicable laws and regulations. They did not. As a result of the Data Breach, Plaintiffs and thousands of other Class Members suffered losses in the form of the value of their time, anxiety, mental and emotional distress reasonably incurred to investigate, remedy, prevent, or mitigate the effects of the attack. Additionally, Plaintiffs’ and Class Members’ Personal Information, which was entrusted to Defendants, its officials, and agents, was compromised and unlawfully accessed as a result of the Data Breach.” 


Plaintiffs further alleged that, “Defendants maintained the Personal Information in a reckless manner, including by failing to safeguard Personal Information against cyberattacks and by not securing and/or encrypting the files containing this data. In particular, the Plaintiffs’ Personal Information was maintained in a non-encrypted file on Defendants’ servers in a condition vulnerable to cyberattacks. Despite the lack of encryption of the files containing the Personal Information, Defendants failed to take steps necessary to secure the Personal Information from potential cyberattacks and other risks.”


Plaintiffs list out three claims for relief. The first claim is for violation of The Consumer Fraud and Deceptive Business Practices Act. The second claim is for violation of The Uniform Deceptive Trade Practices Act (“UDTPA”), and the third claim is for violation of The Personal Information Protection Act. Plaintiffs alleged that Defendants and their employees failed to properly monitor their network and server that contained the Personal Information, implement appropriate steps to ensure that the Personal Information was secured, and to implement and/or execute appropriate policies to notify Plaintiffs and Class Members promptly when the data breach occurred.


In the prayer for relief, Plaintiffs requested the court for an order certifying this action as a class action and order equitable relief compelling Defendants, among other things (1) to utilize appropriate methods and policies with respect to consumer data collection, storage, and safety, (2) to disclose with specificity how and when the Data Breach occurred, and (3) to create and disclose data retention and transmission policies that are accurate and truthful, and otherwise comply with all applicable legal standards. Further, Plaintiff requested the court for an order requiring Defendants to pay for phishing scam monitoring and identity theft protection services for Plaintiffs and the Class and an award of damages, including statutory damages and statutory penalties and such other and further relief as this court may deem just and proper. 


This case summary may not reflect the current position of the parties to this litigation or the status of this case. Sign up to view the latest case updates and court documents.

Case Details Parties Documents Dockets


Case Details

  • Case Number:


  • Filing Date:


  • Case Status:

    Pending - Other Pending

  • Case Type:

    Contract - Other Contract

Judge Details

Presiding Judge

John Robert Blakey


Party Details


Jeong-Su Kim

Hue-Soung Jun

Jong Min Lee


McDonald's USA, LLC

McDonald's Corporation

Attorney/Law Firm Details

Plaintiff Attorney

Shannon Marie McNulty

Attorney at Clifford Law Offices

120 North Lasalle Street, Suite 3100

Chicago, IL 60602


Court Documents


1 #1

Civil Cover Sheet




Docket Entries

  • 10/05/2021
  • View Court Documents
  • Docket(#3) APPENDIX complaint #1 Appendix A (McNulty, Shannon) (Entered: 10/05/2021)

    Read MoreRead Less
  • 10/05/2021
  • DocketCASE ASSIGNED to the Honorable John Robert Blakey. Designated as Magistrate Judge the Honorable Sunil R. Harjani. Case assignment: Random assignment. (cxr, ) (Entered: 10/05/2021)

    Read MoreRead Less
  • 10/05/2021
  • View Court Documents
  • Docket(#2) ATTORNEY Appearance for Plaintiffs Hue-Soung Jun, Jeong-Su Kim, Jong Min Lee by Shannon Marie McNulty (McNulty, Shannon) (Entered: 10/05/2021)

    Read MoreRead Less
  • 10/05/2021
  • View Court Documents
  • Docket(#1) COMPLAINT filed by Jeong-Su Kim, Jong Min Lee, Hue-Soung Jun; Jury Demand. Filing fee $ 402, receipt number 0752-18740726. (Attachments: #1 Civil Cover Sheet)(McNulty, Shannon) (Entered: 10/05/2021)

    Read MoreRead Less

Dig Deeper

Get Deeper Insights on Court Cases

Latest cases where McDonald's is a litigant

Latest cases represented by Lawyer Shannon Marie McNulty