Burgerville customer credit card info stolen in data breach laid at Fin7's feet

Despite the recent arrests of alleged Fin7 members, the threat group is actively targeting US companies.

Burgerville has revealed a data breach impacting the chain which may have led to the theft of detailed credit card information belonging to customers.

The security incident was thought to be a "brief intrusion," according to the US restaurant chain, and was only investigated after the US Federal Bureau of Investigation (FBI) notified Burgerville of the intrusion on August 22.

However, by September 19, the company realized the situation was far more serious than originally thought and the attack was actually an ongoing effort to covertly and systematically steal financial information belonging to the chain's customers.

Malware was installed on Burgerville systems in order to scrape and steal customer data. Burgerville does not say where the malware was found or what malware variants were involved, but the affected machines are likely to be Point-of-Sale (PoS) systems, as they handle credit card information at physical outlets.

Burgerville says that customer credit and debit card information, including names, card numbers, expiration dates, and CVV security numbers, was stolen.

In other words, enough data was taken to successfully clone cards which are usable, at least, for contactless or online purchases made without the need for PIN numbers.

The firm does not know how many customers have been affected at this stage.

"This was a sophisticated attack in which the hackers effectively concealed all digital traces of where they have been," Burgerville says.

The data breach has been attributed to Fin7, also known as Carbanak Group, an international hacking ring which has successfully launched cyberattacks against at least 100 US companies.

In August, three alleged Ukrainian members of Fin7 were arrested in Europe, where Fin7 is believed to operate. Despite the arrests, indictments, and a total of 26 felony charges levied against the suspects, Fin7 is still actively deploying malware on corporate networks in order to steal valuable information.

According to the US Department of Justice (DoJ), this is not the first time Fin7 has targeted a US restaurant chain. Other victims include Chipotle Mexican Grill, Chili's, Arby's, Red Robin, and Jason's Deli.

Fin7 has been linked to the Carbanak financial Trojan which infiltrates corporate networks via phishing campaigns. It is believed the group is responsible for the theft of at least $1 billion worldwide.

Once the company realized the extent of the problem, an external cybersecurity firm was pulled in to contain the breach. Burgerville has now completed a "remediation plan" which is intended to keep the firm's networks safe from further intrusions and fully eradicate any trace of malware.

"We realize that this intrusion was not only on Burgerville's system but also on your life," Jill Taylor, Interim CEO of Burgerville, said. "This isn't what you expected to happen when you came to visit one of our locations. Beyond a breach of information, this type of intrusion impacts our way of life together."

The firm says that all visitors of its restaurants between September 2017 and September 2018 "should consider that their data may have been compromised"; in other words, you should keep an eye on your credit report for any suspicious activity and immediately inform your bank if you find any evidence of fraudulent activity.