Cyber Incident Victim: Burgerville
Date: Sep 2017
Location: United States of America
Summary
A US restaurant chain suffered a data breach in which malware attributed to the Fin7 cybercrime group harvested customer credit and debit card details, including names, card numbers, expiration dates, and CVV security codes. The intrusion, discovered only after an FBI notification and initially believed to have been brief, was later confirmed to be an ongoing operation targeting payment data; the stolen fields are sufficient to clone cards for fraudulent transactions. Despite earlier arrests of alleged Fin7 members, the group remained active against multiple restaurant businesses. The company engaged an external cybersecurity firm to contain the incident and carry out remediation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Burgerville experienced a data breach involving unauthorized access to customer payment card information from September 2017 through September 2018. The intrusion was first detected after the Federal Bureau of Investigation (FBI) notified the restaurant chain of potential security issues on August 22, 2018. Initial assessments suggested the compromise had been limited in duration, but by September 19, 2018 further investigation showed that the attack was still active and specifically targeted financial data. Malware deployed on Burgerville's systems scraped transaction details from the payment processing infrastructure and exfiltrated them. This activity continued undetected for approximately one year before law enforcement became involved.

The attackers harvested names, credit/debit card numbers, expiration dates, and CVV security codes from affected customers, enough to clone physical cards or conduct fraudulent online transactions. Because PCI DSS prohibits storing the CVV after authorization, capturing it implies the data was intercepted at transaction time rather than taken from stored records, consistent with malware scraping the payment path. Burgerville attributed the breach to Fin7 (also known as the Carbanak Group), a cybercrime syndicate previously implicated in attacks on other U.S. restaurant chains including Chipotle and Chili's. The attribution stood despite law enforcement arrests of alleged Fin7 operatives in the same timeframe. Following containment with assistance from an external cybersecurity firm, Burgerville implemented a full remediation plan. The company publicly advised customers who visited its locations during the 12-month breach window to monitor financial statements for unauthorized charges and report suspicious activity to their banks. No specific customer impact figures were disclosed in available reporting.
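The scraping described above, and the hunt for it during response, both come down to the same primitive: find card-number-shaped data in a buffer (process memory, a packet capture, a log) and confirm it with the Luhn check so that random digit runs are discarded. The following is an added example, not code from the page or from any Fin7 tooling; the sample buffer is constructed, the card numbers in it are well-known public test numbers, and the track-2 layout and separator handling are assumptions about what such a buffer typically contains.

```python
"""Scan a byte buffer for payment-card data (PANs, track-2 records).

Added example; not code from the original page. SAMPLE is a constructed
stand-in for a memory dump or capture from a POS host.
"""
import re
from typing import Dict, List

# 13-19 digits, each optionally followed by a space or dash, not embedded
# in a longer digit run (rules out timestamps, hashes, long IDs).
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Track-2 magstripe layout: [;]PAN=YYMM<service code><discretionary>[?]
TRACK2_RE = re.compile(rb";?(\d{13,19})=(\d{2})(\d{2})\d*\??")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; every real PAN passes it, most digit noise does not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep BIN (first 6) and last 4, as PCI DSS allows for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_pans(buf: bytes) -> List[Dict[str, object]]:
    """Return masked, Luhn-valid PANs with the byte offset of each hit."""
    hits: List[Dict[str, object]] = []
    seen = set()
    for m in PAN_RE.finditer(buf):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        if 13 <= len(digits) <= 19 and luhn_ok(digits) and digits not in seen:
            seen.add(digits)
            hits.append({"pan": mask(digits), "offset": m.start()})
    return hits


def find_track2(buf: bytes) -> List[Dict[str, str]]:
    """Return masked PAN plus MM/YY expiry from track-2 style records."""
    out = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            yy, mm = m.group(2).decode(), m.group(3).decode()
            out.append({"pan": mask(pan), "expiry": f"{mm}/{yy}"})
    return out


# Constructed sample: a transaction log fragment, a track-2 record, a
# non-card 16-digit ID, and a formatted PAN with expiry and CVV. The CVV
# appears only because this models data in flight; it must never be stored.
SAMPLE = (
    b"\x00\x00txn=20180822-001 amount=12.50\x00"
    b"name=JANE DOE ;4111111111111111=2512101?\x00"
    b"order 1234567890123456 fails Luhn\x00"
    b"5555 5555 5555 4444 exp 03/26 cvv 123\x00"
)

if __name__ == "__main__":
    for hit in find_pans(SAMPLE):
        print("PAN", hit["pan"], "at offset", hit["offset"])
    for rec in find_track2(SAMPLE):
        print("track2", rec["pan"], "exp", rec["expiry"])
```

The order ID in the sample is sixteen digits but fails Luhn and is dropped; the two test card numbers pass and are reported masked. Run the same functions over a memory dump of the payment application or over captured traffic to the processor: a hit in plaintext where only tokenized or encrypted data should exist is the signal that scraping is possible, and a hit in a process that is not the payment application is the signal that it is happening.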
