At some point in 2017 or 2018, the restaurant chain Burgerville experienced a security breach. The only way Burgerville learned of the issue is when the FBI notified them on August 22 of this year. At first, it was seen as a “brief intrusion that no longer existed”. However by September 19, (almost a whole month later), the company realized that the breach was active, and was targeting customer’s financial information. Burgerville does not specify what kind of malware it was or where it was detected, though the source article adds that it could be at a point-of-sale system, where people physically swipe/scan/insert their cards.
Data that was stolen includes credit/debit card information: names, card numbers, expiration dates, and CVV security numbers. Burgerville also does not know how many people could have been affected by this, though they warn everyone who used cards from September 2017 through September 2018 to watch their accounts for false purchases. Anyone who used a card to purchase anything at any one of their locations during the last year can have their credit info compromised.
“This was a sophisticated attack in which the hackers effectively concealed all digital traces of where they have been,” states Burgerville. Although no direct evidence was given, the data breach is attributed to Fin7, also known as Carbanak group, another Eastern European hacking network that has successfully done cyberattacks on over 100 US companies.
In August, three Ukrainian members of Fin7 were arrested in Europe, where Fin7 is believed to operate. Despite the arrests, Fin7 is still actively deploying malware on corporate networks. According to the US Department of Justice, this is not the first time Fin7 has targeted a US restaurant chain. Other victims include Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin, and Jason’s Deli.
Although the chain made the initial mistake of underestimating the breach, they pulled in an external cybersecurity company to stop the breach, remove malware, and take preventative measures. “The operation had to be kept confidential until it was completed in order to prevent the hackers from creating additional covert pathways into the company’s network,” Burgerville said in a written statement. Burgerville completed the operation to seal the breach on September 30.