Fin7 Hackers Breached US Chain Burgerville

A regional US fast food chain has become the latest victim of the notorious Fin7 hacking group after a breach of card data involving countless customers.

The FBI informed Pacific North West chain Burgerville on August 22 that it had been a target of the group, also known as Carbanak.

It was believed that the attack was a brief one, carried out a year previously, in September 2017. However, further investigation revealed it was still ongoing, with remediation finally completed by the firm on September 30.

Burgerville claimed it still doesn’t know how many customers were affected because the group was “adept at concealing their digital footprints.” However, it warned anyone that has visited a restaurant between September 2017 and 2018 may have had their card data compromised. With over 40 locations, this could amount to a sizeable breach.

Credit and debit card information, including names, card numbers, expiration dates, and the CVV numbers were taken — meaning the details would be relatively easy to monetize on the dark web.

Customers are advised to review card statements for any unusual activity, obtain an annual credit report and consider freezing their credit.

Three alleged members of the Fin7 group were arrested earlier this year and each charged with 26 counts of conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

Experts guessed that the breach was the result of POS malware installed on the Burgerville network.

“What is somewhat surprising is the length of time it took to discover the attack — nearly a whole year,” continued AlienVault security advocate, Javvad Malik. “This reinforces the need for companies to implement robust monitoring and threat detection capabilities so that any attack or malware can be discovered in a timely manner to reduce the overall exposure.”

Articles You May Like

Tech doesn’t get more full circle than this
Google will start erasing location data for abortion clinic visits
FBI and MI5 Bosses Warn of “Massive” China Threat
Watch out for survey scams – Week in security with Tony Anscombe
OpenSSL fixes two “one-liner” crypto bugs – what you need to know

Leave a Reply

Your email address will not be published.