Thousands of Burgerville customers’ credit card data may have been stolen in a year-long cyberattack, the Oregonian reports. In a press release, the fast food chain announced that a data breach that started in September 2017 exposed credit and debit card information to a group of international hackers in Eastern Europe throughout the next 12 months. The group, known as Fin7, has attacked more than 100 US companies, according to the United States Department of Justice.
Burgerville learned of the hack in August 2018, when the Federal Bureau of Investigation contacted the company about a traced breach from the year before. Burgerville says the attack was initially construed as a brief leak that was no longer active, but an investigation in cooperation with the FBI revealed that customers were still vulnerable. The company says it chose not to release information about the breach beforehand to respect the confidentiality of the FBI investigation, waiting until the cyberattack was resolved.
Willamette Week reports that Portland attorney has already filed a class-action lawsuit against the burger chain, which says “Burgerville knew that its failure to protect [the] plaintiff’s card information from unauthorized access would cause serious risks of credit harm and identity theft for years to come.” The suit, filed by local attorney Michael Fuller on behalf of client Cassandra Nelson, also posits that the withholding of information from the public was to protect profits, not because of the FBI.
The company suggests any customers who visited Burgerville between September 2017 and September 2018 should check their credit statements for unauthorized charges and consider freezing their credit. Burgerville has also set up a line for customers regarding the breach: Call 1-855-336-6688 for more information.
• Burgerville [Official]
• Burgerville reports major credit card breach [The O]
• Class Action Lawsuit Filed Against Pacific Northwest Burgerville Chain For Possible Data Breach Damages [WWeek]
• Three Members of Notorious International Cybercrime Group “Fin7” In Custody for Role in Attacking Over 100 U.S. companies [DOJ]
• All previous Burgerville coverage [EPDX]