If there's a silver lining in the disclosure, it lies in the fact that McDonalds was able to confirm that no payment information was stolen. Nonetheless, the hackers were able to abscond with a raft of personal information including email addresses, phone numbers, physical addresses and the full names of an as yet undetermined number of customers and employees.
As part of their disclosure, the company said that they were working with law enforcement and a outside internet security vendor to conclude the investigation. They included that they were in the process of contacting any customer whose information was compromised by the breach.
So far, their handling of the aftermath of the hack has been exemplary, though that's at least in part because they've had their share of practice. Back in 2017, the company suffered an attack that revealed a cross-site scripting vulnerability that left customer passwords exposed and stored as plain text.
If you live in the US, Korea or Taiwan and are a regular McDonalds customer and have created a login on the company's site or have downloaded the McDonalds app, you may be getting a letter from the company explaining that the information you shared with the company was compromised. The letter should outline the company's next planned steps. Even if you don't get a communication from them, your best bet is to change your McDonalds or app password right away.