FIN7 hackers hit fast food chain Burgerville, stealing card details of thousands of customers
- The compromised data includes customers’ names, card numbers, expiration dates and CVV numbers of both credit and debit cards.
- The attackers implanted malware on Burgerville’s network to carry out the attack.
Vancouver-based Burgerville announced that it has suffered a data breach that may have compromised payment details of thousands of customers. The compromised data includes customers’ names, card numbers, expiration dates and CVV numbers of both credit and debit cards.
The company claimed that customers’ personal details were not affected by the breach. Burgerville believes that the attack was orchestrated by Fin7, a sophisticated international cybercrime group.
“The organization responsible for this breach is believed to be Fin7, a sophisticated international cybercrime group. On August 1, 2018, the U.S. Department of Justice issued a press release announcing the apprehension of three members of this group who have been connected with launching cyber attacks on more than 100 companies across 47 states. The press release mentions that there was a wave of attacks on local businesses specifically in Western Washington, which includes Burgerville,” the firm added.
The restaurant chain was notified of the breach by the Federal Bureau of Investigation (FBI) on August 22, following which an investigation was immediately initiated with the assistance of a third-party security team.
FIN7 still had access to Burgerville networks
During the investigation, the company, which had previously believed that the breach was a minor intrusion, found that the cybercriminals still had access to its systems and networks. The attackers had implanted malware on Burgerville’s network to carry out the attack without being detected.
“On September 19, 2018, as part of its forensic investigation, Burgerville discovered that the breach, which was initially thought to be a brief intrusion, was still active. The group of hackers had placed malware on Burgerville’s network and were continuing to collect payment data,” Burgerville said in a statement.
Once the breach was discovered on September 19, Burgerville took the appropriate remedial steps to fix the issue. These included cutting off the cybercriminals’ access to its networks by disabling the malware and upgrading the systems.
It is still unclear how many customers were affected by the breach. However, the company has urged customers who used their credit or debit cards between September 2017 and September 2018 to closely review their account statements for any unauthorized transactions. Customers are also advised to consider temporarily freezing their accounts.
“This was a sophisticated attack in which the hackers effectively concealed all digital traces of where they have been,” Burgerville added. “However, in an abundance of caution, Burgerville recommends that anyone who visited their restaurants between September 2017 and September 2018 should consider that their data may have been compromised.”