A Nova Scotia woman is looking for an apology from McDonald’s after she says her fast food app was breached.

Tracy Creaser says the first email notification came on Feb. 1. The order was for a ten-piece McNugget Meal with a poutine and a diet soda. Creaser says she paid for the food, but she didn’t place the order.

The order was placed through Creaser’s My McD’s app on her phone. Two others were placed over the next few days, but all of the food was being ordered, and picked up, at a McDonald’s location in Mississauga, Ontario. Creaser lives in Lower Sackville, N.S. Because her credit card was tied to her app, Creaser paid for nearly $100 worth of food that she didn’t order.

She says she learned that others were affected too, after seeing reports out of Ontario about similar issues.

“My thought at that point was, ‘This has been going on for two weeks? How come McDonald’s hasn’t said anything?'” Creaser asked. “What happened to me was completely preventable.”

Creaser called McDonald’s customer service, but she says she was told any security issue was on her end, if her email was breached. But Creaser doesn’t believe that explanation.

“My (bank) app is attached to my email, which has access to my credit card, chequing account, savings account,” Creaser said. “You’re telling me someone breached my email and just decided to order McDonald’s?”

In an emailed statement, McDonald’s spokesperson Ryma Boussoufa told CTV: “Just like any other online activity, we recommend that our guests use our app diligently by not sharing their passwords with others, creating unique passwords and changing passwords frequently.”

Boussoufa says McDonald’s takes “appropriate measures” to keep personal information secure.

With files from CTV Atlantic's Emily Baron-Cadloff