Vancouver-based Burgerville hit by data breach

Burgerville announced Wednesday that its network had been hit by a cybersecurity breach that may have resulted in customers’ credit and debit card information being compromised, including names, card numbers, expiration dates and three-digit CVV numbers.

The company is urging anyone who used a credit or debit card at a Burgerville location between September 2017 and Sept. 30, 2018 to review their statements and credit reports for unauthorized charges. The breach is now contained, the company said in a press release.

Burgerville is also urging customers to consider freezing their credit, which can be done for free by contacting the three major credit bureaus: Equifax, Experian and TransUnion. The total number of affected customers was not immediately clear, the company said, but no personal information appears to have been compromised other than the payment card data.

The FBI notified Burgerville of the breach on Aug. 22, and the company said it cooperated with the FBI and began its own forensic investigation with the assistance of a third-party cybersecurity team. The company said it initially believed the breach had been a brief intrusion, but discovered on Sept. 19 that malware was still active on its network and collecting data.

In response to questions about why Burgerville didn’t notify the public at an earlier date, a spokesperson said the company agreed to keep the breach confidential to assist the FBI investigation and make sure the hackers’ entry pathways were uncovered.

Once the active breach was discovered on Sept. 19, the company began preparing to fix it, which required first identifying all of the hackers’ pathways into the system and then taking Burgerville’s systems offline so that they could be simultaneously updated to close all the pathways.

The operation was completed Sunday, the company said, but had to be kept confidential beforehand in order to prevent the hackers from finding out about it in advance and creating new covert pathways into the company’s network.

Burgerville’s press release says the malware was believed to have been placed in its network by hackers from FIN7, an international cybercrime group. According to an FBI press release in August, the group has targeted more than 100 U.S. companies with “highly sophisticated” malware attacks since 2015, often in the restaurant and hospitality industries.

Companies in 47 states have been affected, according to the FBI, as well as companies in Australia, France and the United Kingdom. Chipotle, Chili’s, Arby’s and Red Robin have all previously been targeted by FIN7 attacks, as well as several companies in Western Washington, such as the Emerald Queen Casino.

The group typically used a technique called “spear phishing” to infiltrate company networks, according to the FBI. The cyberattack group sent emails to employees at affected companies that were designed to mimic the appearance of official company communications. The intent, the FBI says, was to trick employees into opening malware-infected attachments contained in the email. The emails were often accompanied by phone calls in order to create a greater appearance of legitimacy.

Once opened, the malware gave FIN7 access to the company’s computers in order to steal information including credit card numbers. The group has stolen data from more than 15 million cards since 2015, according to the FBI, and later sold the data through underground marketplaces.

“Beyond a breach of information, this type of intrusion impacts our entire community — Burgerville’s customers, vendor partners, employees, and the entire eco-system of the place we call home, the Pacific Northwest,” Burgerville interim CEO Jill Taylor said in a statement. “Unfortunately, these types of breaches are all too common today and they are taking a toll on people’s ability to feel safe and to trust one another — core tenets of building a resilient community. From our mission: Serve With Love, we stand committed to being a good partner and helping to build confidence with the community that has given us so much.”