A famous regional burger chain in the Pacific Northwest United States is the latest fast food company to suffer a major data breach.
Burgerville – from Vancouver, Washington – disclosed today that any customers who used a credit or debit card from September 2017 to September 2018 at any of its locations may have had their card details stolen. The company operates 42 locations in the region.
In August, the FBI contacted Burgerville to notify the company that it had been targeted in a cyberattack. The company believed that intrusion to be “brief” until September 19, when an internal forensics team identified that the chain was still affected by malware running on its systems. Burgerville coordinated with the FBI to neutralize and contain the malware, working with an external cybersecurity firm.
“As soon as Burgerville learned the intrusion was still active, the company immediately began steps to completely eradicate this breach, necessitating that all Burgerville systems be taken offline and upgraded simultaneously without any warning to the criminals.”
While the company has yet to disclose further technical details on the breach, it attributed the attack to Fin7, a renowned international cybercrime group. In August, the Department of Justice apprehended three members of Fin7 involved in “a highly sophisticated malware campaign targeting more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.” Believed to be a billion-dollar operation, Fin7 operates under the guise of a front company while selling stolen data in online marketplaces.
The attack on Burgerville was likely accomplished by malware that infected its point-of-sale systems — a common target in the recent surge of restaurant cyberattacks. In this case, the company confirms that attackers were able to exfiltrate names, credit card numbers, expiration dates and CVV numbers.
As part of its announcement, the United States Department of Justice noted that the hacking group Fin7 was behind the already disclosed hacks of Chipotle, Chili’s and other food chains, including local businesses in Western Washington that remained unnamed at the time.
This was a sophisticated attack in which the hackers effectively concealed all digital traces of where they had been. However, in an abundance of caution, Burgerville recommends that anyone who visited its restaurants between September 2017 and September 2018 consider that their data may have been compromised.
Somewhat surprising is the length of time it took to finally uncover the attack – believe it or not, it took nearly a whole year. This reinforces the need for companies to implement robust monitoring and threat detection capabilities so that any cyberattack or malware intrusion can be discovered in real time, reducing the overall exposure.